WO2016101591A1 - Packet response method and apparatus - Google Patents
Packet response method and apparatus Download PDFInfo
- Publication number
- WO2016101591A1 WO2016101591A1 PCT/CN2015/083593 CN2015083593W WO2016101591A1 WO 2016101591 A1 WO2016101591 A1 WO 2016101591A1 CN 2015083593 W CN2015083593 W CN 2015083593W WO 2016101591 A1 WO2016101591 A1 WO 2016101591A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- packet
- response
- client
- page
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a message response method and apparatus.
- the Internet has penetrated into all aspects of user life, and users can browse the web through the Internet to obtain various information.
- the client sends a request packet to the web server, where the source Internet Protocol (IP) address of the request packet is the IP address of the client, and the purpose of the request packet is The IP address is the IP address of the website server.
- IP Internet Protocol
- the web server receives the target packet, it returns a response packet of the target packet to the client, where the source IP address of the response packet is the IP address of the remote device, and the destination of the response packet The IP address is the IP address of the client.
- the client Before accessing the Internet, the client needs to access the network through the access device and forward the request packet and the response packet through the access device.
- the access device Before accessing the Internet, the client needs to access the network through the access device and forward the request packet and the response packet through the access device.
- the embodiment of the present invention provides a message response method and device, which can obtain a URL of a pre-configured server according to a target message of the client, so that the client accesses the webpage corresponding to the URL, and the client is configured to send the target packet. I can't access any webpage issues afterwards.
- a message response method including:
- the access device receives the target packet sent by the client, and obtains the destination Internet Protocol IP address of the target packet, where the destination packet includes the source IP address, the source port number, and the destination IP address.
- the access device processes the target packet to obtain a response packet of the target packet, where the destination IP address and the destination port number of the response packet are the source IP address and the source port of the target packet. number;
- the access device replaces the source of the response packet with the saved destination IP address of the target packet Sending the response message to the client by using an IP address;
- the access device processes the target packet to obtain the response packet of the target packet, including:
- the access device replaces the destination IP address of the target packet with the IP address of the access device, and responds to the target packet to obtain a response packet of the target packet, where the response packet is sent.
- the IP address is an IP address of the access device;
- the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:
- the access device processes the target packet to obtain the response packet of the target packet, including:
- the access device acquires an IP address of the second server
- the access device replaces the destination IP address of the target packet with the IP address of the second server, and sends the target packet to the second server, so that the second server responds to the target a message, and generating a response message of the target message;
- the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:
- the access device receives the page response returned by the second server.
- the access device receives a page acquisition request sent by the client, and processes the page acquisition request Previously, the method further includes:
- the access device performs a secure socket layer SSL negotiation with the client to determine a key for communication with the client;
- the access device receives the page acquisition request sent by the client, processes the page acquisition request, and returns a page response to the page acquisition request to the client, including:
- the access device receives an HTTP GET request sent by the client and encrypted by the key, and performs decryption processing on the HTTP GET request according to the key;
- the access device obtains a page response of the page acquisition request, and performs encryption processing on the page response according to the key;
- the access device returns the page response encrypted with the key to the client, so that the client communicates with the first server according to the URL of the first server.
- the access device receives the target packet sent by the client, obtains the destination IP address of the target packet, and saves the information, including:
- the access device uses the source IP address and the source port number of the target packet as key values, and creates a data table by using the destination IP address of the target packet as a result value;
- the access device replaces the source IP address of the response packet with the saved destination IP address of the target packet, and sends the response packet to the client, including:
- the access device uses the destination IP address and the destination port number of the response packet as key values to search for a data table corresponding to the key value;
- the access device obtains the IP address as the result value from the searched data table, and uses the IP address as the source IP address of the response packet to send the response packet to the client.
- a second aspect provides a message response apparatus, where the apparatus is disposed in an access device, and includes:
- a storage module configured to receive a target packet sent by the client, obtain the destination IP address of the target packet, and save the destination IP address, the source port number, and the destination IP address;
- a packet processing module configured to process the target packet, to obtain a response packet of the target packet, where a destination IP address and a destination port number of the response packet are source IP addresses of the target packet Source port number;
- a message sending module configured to replace the source IP address of the response packet with the destination IP address of the saved target packet, and send the response packet to the client;
- a response module configured to receive a page acquisition request sent by the client, process the page acquisition request, and return a page response to the page acquisition request to the client, where the page response includes a first server URL.
- the packet processing module is specifically configured to:
- the response module is specifically configured to:
- the packet processing module includes:
- An IP obtaining unit configured to acquire an IP address of the second server
- a first sending unit configured to replace a destination IP address of the target packet with an IP address of the second server, and send the target packet to the second server, so that the second server responds to the Decoding a target message, and generating a response message of the target message;
- a first receiving unit configured to receive the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server;
- the response module includes:
- a request processing unit configured to receive the page obtaining request, and forward the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response request of the page obtaining request;
- the response processing unit is configured to receive the page response returned by the second server, and return the page response to the client.
- the device further includes:
- An SSL negotiation module configured to perform SSL negotiation with the client to determine a key for communicating with the client
- the response module includes:
- a second receiving unit configured to receive an HTTP GET request sent by the client and encrypted by the key, and perform decryption processing on the HTTP GET request according to the key;
- the response obtaining unit is configured to obtain a page response of the page obtaining request in response to the decrypted HTTP GET request, and perform encryption processing on the page response according to the key;
- a second sending unit configured to return, to the client, the page response encrypted by the key, so that the client communicates with the first server according to a URL of the first server.
- the storage module includes:
- An IP obtaining unit configured to receive a target packet sent by the client, and obtain a source IP address, a source port number, and a destination IP address of the target packet;
- a creating unit configured to use a source IP address and a source port number of the target packet as a key value, and create a data table by using a destination IP address of the target packet as a result value;
- the message sending module includes:
- a searching unit configured to use a destination IP address and a destination port number of the response packet as key values to search for a data table corresponding to the key value
- An IP conversion unit configured to obtain an IP address as a result value from a data table searched by the searching unit, and send the IP address as a source IP address of the response packet to the client Response message.
- the embodiment of the invention has the following beneficial effects:
- the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, by using the saved target packet.
- the destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated.
- the destination IP address may be The client returns a page response including the first server URL, so that the client can access the page corresponding to the URL.
- FIG. 1 is a schematic flowchart of a message response method according to an embodiment of the present disclosure
- FIG. 2 is a schematic diagram of interaction of a message response method according to an embodiment of the present invention.
- FIG. 3 is a schematic diagram of interaction of another packet response method according to an embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a message response apparatus according to an embodiment of the present disclosure.
- FIG. 5 is a schematic structural diagram of another message response apparatus according to an embodiment of the present disclosure.
- FIG. 6 is a schematic structural diagram of still another message response apparatus according to an embodiment of the present disclosure.
- FIG. 7 is a schematic structural diagram of an access device according to an embodiment of the present invention.
- FIG. 1 is a schematic flowchart of a message response method according to an embodiment of the present invention, including:
- the access device receives the target packet sent by the client, obtains the destination IP address of the target packet, and saves the destination IP address.
- the client inputs a Uniform Resource Locator (URL) of the website to be accessed by the browser, and sends a DNS request to the Domain Name System (DNS) server corresponding to the website. And receiving the IP address of the website returned by the DNS server in response to the DNS request.
- the access device proxy may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
- the access device in the embodiment of the present invention may be a device such as a switch or a router.
- the client After obtaining the IP address of the website, that is, the destination IP address, the client sends the target packet.
- the access device receives the target packet sent by the client.
- the target packet includes a source IP address, a source port number, and the destination IP address.
- the target message is a Hypertext Transfer Protocol (HTTP) message, a Hypertext Transfer Protocol Secure (HTTPS) message, or other application layer protocol message, such as User Datagram Protocol (UDP) packet when the DNS packet is redirected.
- HTTP Hypertext Transfer Protocol
- HTTPS Hypertext Transfer Protocol Secure
- UDP User Datagram Protocol
- the port number of the transmission control protocol (TCP) of the packet is 80 (HTTP packet) and 443 (HTTPS packet). If the port number of the UDP destination port is 53 (DNS packet), the received packet can be used as the destination packet.
- the access device processes the target packet to obtain a response packet of the target packet.
- the destination IP address and the destination port number of the response packet are the source IP address and the source port number of the target packet.
- S103 The access device replaces the source IP address of the response packet with the destination IP address of the saved target packet, and sends the response packet to the client.
- the access device may save the destination IP address of the target packet by creating a data table, where the data table includes a correspondence between a key value (KEY) and a result value (VALUE); the data table may be a Greek HASH table.
- the access device receives the target packet sent by the client, and obtains the destination IP address of the target packet and saves the packet, where the access device receives the target packet sent by the client, and obtains the target.
- the source IP address, the source port number, and the destination IP address of the packet; the source IP address and the source port number of the target packet are used as KEYs, and the destination IP address of the target packet is stored as the VALUE as the VALUE.
- the table includes a correspondence between a key value (KEY) and a result value (VALUE); the data table may be a Greek HASH table.
- the access device receives the target packet sent by the client, and obtains the destination IP address of the target packet and saves the packet, where the access device receives the target packet sent
- the access device replaces the source IP address of the response packet with the destination IP address of the saved target packet, and sends the response packet to the client, which may be specifically:
- the ingress device uses the destination IP address and the destination port number of the response packet as a KEY to search for a data table corresponding to the KEY; obtains an IP address as a VALUE from the found data table, and uses the IP address as a Sending the response packet to the client by using a source IP address of the response packet.
- the access device may further detect whether the destination IP address of the target packet is the first The IP address of a server; if not the IP address of the first server, the target message is The destination IP address is stored. Otherwise, the packet is forwarded and forwarded without being picked up.
- the access device receives a page acquisition request sent by the client, processes the page acquisition request, and returns a page response to the page acquisition request to the client.
- the page response includes a URL of the first server.
- the first server may be a server associated with the access device, where the first server includes a webpage web server, a video server, a game server, and the like, which are not limited in the embodiment of the present invention.
- the access device processes the target packet to obtain the response packet of the target packet, which may be specifically: the access device replaces the IP address of the access device with the The destination IP address of the target packet is obtained by the destination IP address of the target packet, and the source IP address of the response packet is the IP address of the access device.
- the access device is pre-configured with the URL address of the first server to generate a page response including the first server URL in response to the request when receiving the page acquisition request sent by the client.
- the access device receives the page obtaining request sent by the client, and the processing of the page obtaining request may be: the access device receives a page obtaining request sent by the client, and responds to the page obtaining request. Get the page response of the page get request.
- the access device is further configured to receive an HTTP GET request, that is, a page acquisition request sent by the client according to the response packet, and before processing the page acquisition request.
- the client needs to negotiate with a Secure Sockets Layer (SSL) and determine a key for communication with the client.
- SSL Secure Sockets Layer
- the access device receives the page obtaining request sent by the client, processes the page obtaining request, and returns a page response to the page obtaining request to the client, which may be specifically:
- the ingress device receives an HTTP GET request sent by the client and encrypted by the key, and decrypts the HTTP GET request according to the key;
- the access device responds to the decrypted HTTP GET request, Obtaining a page response of the page obtaining request, and performing encryption processing on the page response according to the key;
- the access device returns, to the client, the page response encrypted by the key, so that The client communicates with the first server according to the URL of the first server.
- the second server that is, the redirecting server, may be configured to perform redirection processing on the HTTP packet and the HTTPS packet sent by the client, where the first server may be The second server is associated, and the URL address of the first server is configured in the second server.
- the access device processes the target packet to obtain a response packet of the target packet
- the access device may obtain the IP address of the second server; the access device replaces the destination IP address of the target packet with the IP address of the second server, and sends the second IP address to the second server.
- the access device receives the page obtaining request sent by the client, and the processing of the page obtaining request may be: the access device receives the page obtaining request, and forwards the request to the second server.
- the page obtains a request, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request; and the access device receives the page response returned by the second server.
- the embodiment of the present invention receives the target packet sent by the client, the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, and the saved target packet is saved.
- the destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated.
- the client receives the page acquisition request sent by the response packet, A page response including the first server URL is returned to the client, so that the client can access the page corresponding to the URL.
- FIG. 2 is a schematic diagram of interaction of a message response method according to an embodiment of the present invention.
- the method may include:
- the client inputs the URL of the website to be accessed through the browser, sends a DNS request to the corresponding DNS server of the website, and receives the IP address of the website returned by the DNS server in response to the DNS request.
- the access device proxy may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
- the client After obtaining the IP address of the website, the client sends a TCP SYN (synchronize) message, that is, the target message, and wants to establish a TCP connection with the remote website.
- the destination IP address of the TCP SYN packet is the IP address of the website, and the source IP address and the source port number are the IP address and port number corresponding to the client.
- the source IP address and the source port number of the TCP SYN packet are used as key values, and the destination IP address of the TCP SYN packet is used as the result value to create a HASH table.
- the access device after receiving the TCP SYN packet, uses the source IP address and the source port number of the packet as the key value KEY, and the destination IP address as the result value VALUE.
- the HASH table is created to store the destination IP address of the packet, so that the destination IP address can be obtained during subsequent IP conversion.
- the access device may also detect whether the destination IP address of the packet is an IP address of the first server that is a pre-configured web server; If not, the access device may create a HASH table according to the source IP address and the destination IP address of the packet; if yes, the access device forwards the packet and does not perform the pickup.
- the access device may further determine whether the packet is a TCP SYN packet; if the TCP SYN packet is the The access device can create a HASH table according to the source IP address, port number, and destination IP address of the TCP SYN packet.
- the access device uses the IP address of the access device as the destination IP address of the TCP SYN packet, and recalculates the checksum of the TCP packet header and the IP packet header in the TCP SYN packet.
- the access device generates a TCP SYN ACK packet in response to the TCP SYN packet.
- the destination IP address and the destination port number of the TCP SYN ACK packet are used as key values, and the HASH table corresponding to the key value is searched, and the IP address as the result value is obtained from the found HASH table, and the IP address is obtained.
- the address is the source IP address of the TCP SYN ACK packet.
- the access device searches for the HASH table according to the destination IP address and the destination port number of the TCP SYN ACK packet, and the IP address and the port number of the client are used as the KEY.
- the destination IP address of the TCP SYN packet is the VALUE corresponding to the KEY.
- the IP address corresponding to the VALUE is used as the source IP address of the TCP SYN ACK packet, and the checksum of the TCP header and the IP header in the TCP SYN ACK packet is recalculated and sent to the client, thereby implementing the IP address. Conversion.
- the access device can perform IP address translation through the HASH table and reply to the client packet.
- S206 Send a TCP ACK packet.
- S207 The access device performs SSL negotiation with the client, and determines a key for communication between the access device and the client.
- the access device negotiates a certificate with the client to determine a key for communication between the access device and the client.
- S209 Perform SSL processing on the HTTP GET request to generate a TCP FIN packet, where the TCP FIN packet includes a URL of the web server.
- the client after the access device performs SSL negotiation with the client, the client encrypts the HTTPS GET request, that is, the page acquisition request, according to the key determined by the SSL negotiation, and sends the encrypted HTTPS GET request packet to the access. device.
- the access device After receiving the encrypted HTTPS GET request packet, the access device decrypts the HTTPS GET request packet according to the key determined by the SSL negotiation, thereby obtaining the plaintext data, and generating a redirect in response to the HTTPS GET request.
- the TCP FIN packet is a page response.
- the TCP FIN packet may be an HTTP 301 response packet or an HTTP 302 response packet.
- the TCP FIN packet includes a pre-configured web server, that is, a URL of the first server, so that the client The terminal communicates with the web server according to the URL.
- the TCP tag location is FIN, and the link between the client and the access device is closed.
- the access device may further encrypt the TCP FIN packet by using the negotiated key, and the client receives the TCP FIN packet according to the negotiated key.
- the TCP FIN message is decrypted to obtain plaintext data.
- S211 Send a TCP ACK packet.
- the client after receiving the TCP FIN message returned by the access device, the client replies with the ACK and the FIN message, and the access device responds to the ACK and FIN message and replies with the ACK message.
- the HASH table may further include connection state information of the access device and the client, and may update the device when receiving the packet sent by the client or sending the packet to the client. Determining the connection status information of the access device and the client recorded in the HASH table, to the HASH The table is managed.
- the connection status information may include an initial status Initial, a redirect status Redirect, a FIN message receiving status FIN Received, a FIN message sending status FIN Sent, a connection closed status closed, and the like.
- the created HASH table can be as shown in Table 1.
- the access device may record the connection state information of the access device and the client as Initial when receiving the TCP SYN packet sent by the client, and update the connection state information when the access device sends the redirect message.
- the connection status information is updated to FIN_Received, and the connection status information is updated to Closed when the FIN message sent by the client responds with a TCP ACK message. If the access device detects that the connection status information recorded in the HASH table is closed, it can determine that the connection status between the access device and the client is off, and the HASH table can be deleted.
- the HASH table can be deleted and the resources are released. However, in some abnormal situations, such as the physical link loss, the HASH connection entry is not deleted normally. You can use the new HASH table to overwrite the old HASH table to delete the old HASH table.
- the number of entries allowed for each HASH table may be preset. For example, the total length of the HASH table is 512 (ie, the range of the HASH table index). If the conflict is set to 4 times, the HASH table has a total of 512*4. specification. Whenever a new connection request is established, if it is calculated that the index of the HASH table already has 4 connections, the oldest connection is overwritten with the new connection.
- S216 Send a TCP ACK packet.
- the client initiates a TCP connection with the web server, redirects to the web server according to the URL, communicates with the web server, and the web server pushes the page to the client.
- the web server is a portal server, and after the client initiates a TCP connection with the portal server, the portal server can push the authentication page to the client.
- the access device does not perform the above redirection process, and directly forwards the IP packet to the web server.
- the HASH table is created according to the source IP address and the source port number of the SYN packet, so as to store the destination IP address of the packet.
- the IP address of the access device is used as the destination IP address of the target packet, and the response packet is generated in response to the target packet, and then the destination IP address that is found in the HASH table is used as the source of the response packet.
- the IP address is sent to the client after the IP address is translated, and the HTTP GET request sent by the client according to the response message is sent to the client, and the HTTP GET request is processed by SSL.
- the client replies to the URL of the pre-configured web server, so that the HTTPS message is redirected, so that the client can access the webpage corresponding to the URL.
- FIG. 3 is a schematic diagram of interaction of another packet response method according to an embodiment of the present invention.
- the method may include:
- the client inputs the URL of the website to be accessed through the browser, sends a DNS request to the corresponding DNS server of the website, obtains the IP address of the website, and sends a TCP SYN message to the access device, that is, the target report. Text.
- the source IP address and the source port number of the TCP SYN packet are used as key values, and the destination IP address of the TCP SYN packet is used as the result value to create a HASH table.
- the access device after receiving the TCP SYN packet, uses the source IP address and the source port number of the packet as the key value KEY, and the destination IP address as the result value VALUE, creates a HASH table, and stores the report.
- the destination IP address of the text is used to obtain the destination IP address for subsequent IP conversion.
- the redirecting server that is, the second server, configured to redirect the HTTP packets, the HTTPS packets, the DNS packets, and the like sent by the client, may be deployed in the system, so that the redirecting
- the web server stored in the server, that is, the URL of the first server can be flexibly configured.
- the access device creates a HASH table, that is, stores the destination IP address of the TCP SYN packet.
- the IP address of the redirect server is used as the destination IP address of the TCP SYN packet, and the checksum of the TCP header and the IP header in the TCP SYN packet is recalculated, and the TCP SYN packet is sent to the redirect.
- the server performs packet processing by the redirect server.
- the redirecting server after receiving the TCP SYN packet sent by the access device, the redirecting server responds to the packet and generates a TCP SYN ACK packet, and returns the TCP SYN ACK packet to the access device.
- the destination IP address and destination port number of the TCP SYN ACK packet are the IP address and port number corresponding to the client.
- the access device receives the TCP SYN ACK packet, which is a response packet, and responds to the destination IP address and destination port number of the TCP SYN ACK packet, that is, the IP address and port number of the client are used as KEY, find the HASH table, obtain the destination IP address of the TCP SYN packet, that is, the VALUE corresponding to the KEY, and use the IP address corresponding to the VALUE as the source IP address of the TCP SYN ACK packet, and recalculate the TCP SYN.
- the checksum of the TCP header and the IP header in the ACK packet is sent to the client, thereby implementing IP address translation.
- the packets of the HTTP port, the HTTPS packet, the DNS packet, and the like that is, the TCP destination port number is 80, 443, or the UDP destination port number is 53.
- the access device can replace the destination IP address of the received packet with the IP address of the redirecting server, and forward the packet to the redirecting server.
- the responding server responds to the packet after responding.
- Sending to the access device the access device performs IP address translation according to the HASH table, and sends the response packet to the source IP address of the response packet.
- the client will not go into details later.
- S308 Send a TCP ACK packet.
- S309 Send a TCP ACK packet.
- S310 Send an HTTP GET request.
- S311 Send an HTTP GET request.
- S312 Generate a TCP FIN message in response to the HTTP GET request, where the TCP FIN message includes a URL of the web server.
- the redirect server may further perform SSL negotiation with the client to determine a key for communication between the redirect server and the client. Further, the client may encrypt the HTTPS GET request according to the key determined by the SSL negotiation, and send the encrypted HTTP GET request to the redirect server through the access device.
- the redirecting server decrypts the HTTPS GET request packet according to the key determined by the SSL negotiation, thereby obtaining the plaintext data, and responding to the HTTPS GET request.
- the TCP FIN message is generated by the redirection packet.
- the TCP FIN packet may be an HTTP 301 response packet or an HTTP 302 response packet.
- the TCP FIN packet includes a pre-configured URL of the web server to enable the client. Communicate with the web server based on the URL.
- the URL of the web server in the redirect server can be flexibly configured according to user requirements.
- S315 Send a TCP ACK packet.
- S317 Send a TCP FIN message.
- the client after receiving the TCP FIN message returned by the access device, the client replies with an ACK and a FIN message.
- the access device can replace the destination IP address of the TCP FIN packet with the IP address of the redirect server and forward it to the redirect server.
- the redirecting server responds to the TCP FIN packet and replies with an ACK, and returns the replied TCP ACK packet to the access device, and the access device replies to the TCP ACK packet to the client.
- S323 Send a TCP ACK packet.
- the client may initiate a TCP connection with the web server, and redirect to the web server according to the URL, and the web The server communicates.
- the embodiment of the present invention implements the redirection of the packets such as the HTTP packet and the HTTPS packet by deploying the redirecting server, that is, the second server, so that the redirected server can be redirected to the web server.
- the URL is flexibly configured.
- the deployment of the redirect server also reduces the load on the access device to a certain extent. It can effectively redirect packets such as HTTP packets and HTTPS packets, so that the client can access the URL.
- FIG. 4 is a schematic structural diagram of a message response apparatus according to an embodiment of the present invention.
- the apparatus may include a storage module 11, a message processing module 12, a message sending module 13, and a response module 14.
- the device in the embodiment of the present invention may be specifically configured in an access device such as a switch or a router.
- the storage module 11 is configured to receive a target packet sent by the client, obtain a destination IP address of the target packet, and save the destination IP address.
- the target packet includes a source IP address, a source port number, and the destination IP address.
- the client inputs the URL of the website that is to be accessed through the browser, obtains the IP address of the website, sends a DNS request to the corresponding DNS server of the website, and receives the DNS server returns in response to the DNS request.
- the IP address of the website may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
- the client After obtaining the IP address of the website, that is, the destination IP address, the client sends the target packet.
- the storage module 11 receives the target packet sent by the client, and saves the destination IP address of the target packet.
- the target packet is an HTTP packet, an HTTPS packet, or another application layer protocol packet, such as a UDP packet when the DNS packet is redirected.
- the access device receives the packet sent by the client, and if the TCP port number of the packet is 80 (HTTP packet), 443 (HTTPS packet), or UDP destination port number is 53 ( The received packet is used as the destination packet.
- the message processing module 12 is configured to process the target packet to obtain the response of the target packet Should be a message.
- the destination IP address and the destination port number of the response packet are the source IP address and the source port number of the target packet.
- the message processing module 12 may save the destination IP address of the target packet by creating a data table, where the data table includes a correspondence between a key value (KEY) and a result value (VALUE), such as The source IP address and the source port number of the target packet are used as the KEY, and the destination IP address of the target packet is stored in the data table as a VALUE.
- the data table can be a hash HASH table.
- the message sending module 13 is configured to replace the source IP address of the response packet with the saved destination IP address of the target packet, and send the response packet to the client.
- the message sending module 13 can also use the destination IP address of the saved target message as the response message. Source IP address, and send the response message to the client.
- the response module 14 is configured to receive a page acquisition request sent by the client, process the page acquisition request, and return a page response to the page acquisition request to the client, where the page response includes The URL of a server.
- the first server may be a server associated with the access device, where the first server includes a webpage web server, a video server, a game server, and the like, which are not limited in the embodiment of the present invention.
- the URL address of the first server is pre-configured in the access device.
- the response module 14 may perform a redirect process on the HTTP GET request to obtain a page response, and return a redirect to the client.
- the URL to the web server.
- the embodiment of the present invention receives the target packet sent by the client, the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, and the saved target packet is saved.
- the destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated.
- the client receives the page acquisition request sent by the response packet, A page response including the first server URL is returned to the client, so that the client can access the page corresponding to the URL.
- FIG. 5 is a schematic structural diagram of another packet response apparatus according to an embodiment of the present invention.
- the packet processing module 12 may be specifically configured to:
- the response module 14 can be specifically configured to:
- the device may further include:
- the SSL negotiation module 15 is configured to perform SSL negotiation with the client to determine a key for communication with the client.
- the response module 14 can further include:
- the second receiving unit 141 is configured to receive an HTTP GET request sent by the client and encrypted by the key, and perform decryption processing on the HTTP GET request according to the key;
- the response obtaining unit 142 is configured to obtain a page response of the page obtaining request in response to the HTTP GET request after the decryption process, and perform encryption processing on the page response according to the key;
- the second sending unit 143 is configured to return, to the client, the page response encrypted by the key, so that the client communicates with the first server according to the URL of the first server.
- the SSL negotiation module 15 may perform SSL negotiation with the client, negotiate the certificate with the client, and determine the access device and the The key for communication between clients.
- the second receiving unit 141 may receive an HTTP GET request sent by the client and encrypted by the SSL negotiation key, and perform SSL processing on the HTTP GET request to decrypt the plaintext data.
- the response obtaining unit 142 can respond to the HTTP GET request, generate a redirect message, that is, a page response, and encrypt the redirect message with the key, and then reply the redirect message to the client by using the second sending unit 143. Ending, so that the client communicates with the web server according to the URL of the web server, and redirects the client request to the web server.
- the access device After the access device receives the target packet sent by the client, the access device stores the destination IP address of the packet, and uses the IP address of the access device as the destination IP address of the target packet. And generating a response packet in response to the target packet, and then using the stored destination IP address as the source IP address of the response packet, performing IP address translation, and sending the response packet to the client; SSL negotiation, receiving an SSL-negoed HTTP GET request sent by the client according to the response packet, and performing SSL on the HTTP GET request After the processing, the URL of the pre-configured web server is returned to the client, so that the HTTPS packet is redirected, so that the client can access the webpage corresponding to the URL.
- FIG. 6 is a schematic structural diagram of another packet response apparatus according to an embodiment of the present invention.
- the packet processing module 12 may further include:
- the IP obtaining unit 121 is configured to acquire an IP address of the second server.
- the first sending unit 122 is configured to replace the destination IP address of the target packet with an IP address of the second server, and send the target packet to the second server, so that the second server responds Decoding a target packet, and generating a response packet of the target packet;
- the first receiving unit 123 is configured to receive the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server.
- the redirecting server that is, the second server, configured to redirect the HTTP packets and the HTTPS packets sent by the client, may be deployed in the system.
- the second server is associated, and the URL address of the first server is configured in the second server, so that the URL of the web server stored in the second server can be flexibly configured.
- the IP address of the second server is obtained by the IP obtaining unit 121, and the first sending unit 122 uses the IP address of the second server as the target packet.
- the target packet is sent to the second server, and the second server performs packet processing and generates the target packet.
- the response message of the text receives the response message returned by the second server.
- the response module 14 may include:
- the request processing unit 144 is configured to receive the page obtaining request, and forward the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request. ;
- the response processing unit 145 is configured to receive the page response returned by the second server, and return the page response to the client.
- the second server may further perform SSL negotiation with the client to determine a key for communication between the second server and the client. Further, the client may encrypt the HTTP GET request according to the key determined by the SSL negotiation, and send the request to the access device, and the access device may pass the request processing unit 144.
- the encrypted HTTP GET request is sent to the second server to cause the second server to perform SSL processing on the HTTP GET request and generate a page response containing the URL of the first server, such as the web server, that needs to be redirected.
- the response processing unit 145 receives the page response returned by the second server.
- the URL of the web server in the second server can be flexibly configured according to user requirements.
- the embodiment of the present invention implements redirection of packets such as HTTP packets or HTTPS packets by deploying a redirect server, that is, a second server, so that a redirected server can be redirected to the web server.
- the URL is flexibly configured.
- the deployment of the redirect server also reduces the load on the access device to a certain extent. It can effectively redirect packets such as HTTP packets and HTTPS packets, so that the client can access the URL.
- the storage module 11 may further include:
- the IP obtaining unit 111 is configured to receive a target packet sent by the client, and obtain a source IP address, a source port number, and a destination IP address of the target packet.
- the creating unit 112 is configured to use the source IP address and the source port number of the target packet as key values, and create a data table by using the destination IP address of the target packet as a result value;
- the created data table may be specifically a HASH table.
- the IP obtaining unit 111 can obtain the source IP address, the source port number, and the destination IP address of the target packet, and the creating unit 112 uses the source IP address and the source port number of the packet as the source IP address and the source port number of the packet.
- the key value KEY, the destination IP is used as the result value VALUE, and a HASH table is created to store the destination IP address of the packet, so as to obtain the destination IP address when performing subsequent IP conversion.
- the message sending module 13 may further include:
- the searching unit 131 is configured to use the destination IP address and the destination port number of the response packet as key values to search for a data table corresponding to the key value.
- the IP conversion unit 132 is configured to obtain an IP address as a result value from the data table searched by the searching unit 131, and send the IP address as a source IP address of the response packet to the client.
- the response message is configured to obtain an IP address as a result value from the data table searched by the searching unit 131, and send the IP address as a source IP address of the response packet to the client. The response message.
- the searching unit 131 may use the IP address and the port number of the client as the KEY to find the HASH table and obtain the target according to the destination IP address and the destination port number of the response packet.
- the destination IP address of the packet is the VALUE corresponding to the KEY, and the IP address corresponding to the VALUE is used as the source IP address of the response packet by the IP conversion unit 132, and the TCP in the response packet is recalculated.
- the checksum of the packet header and the IP header is sent to the client to implement IP address translation.
- the HASH table when receiving the target packet sent by the client, the HASH table is created according to the source IP address and the source port number of the target packet, and the destination IP address of the packet is stored and processed.
- the target packet is used to obtain the response packet of the target packet, and then the destination IP address that is found in the HASH table is used as the source IP address of the response packet, and the IP address is translated and sent to the client.
- the client sends a URL of the first server to the client, so as to redirect the packet such as the HTTP or HTTPS packet. So that the client can access the web page corresponding to the URL.
- FIG. 7 is a schematic structural diagram of an access device according to an embodiment of the present invention.
- the access device according to the embodiment of the present invention includes: a communication port 300, a memory 200, and a processor 100, and the communication port 300.
- the data connection between the memory 200 and the processor 100 may be performed through a bus, or may be connected by other means. In the present embodiment, a bus connection will be described.
- the memory 200 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage.
- RAM random access memory
- non-volatile memory such as at least one disk storage.
- a program is stored in the memory 200.
- the program can include program code, the program code including computer operating instructions.
- the processor 100 executes the program stored in the memory 200 to implement the message response method shown in FIG. 1 of the present invention, including:
- processing the target packet to obtain the response packet of the target packet includes:
- the receiving the page obtaining request sent by the client, and processing the page obtaining request specifically includes:
- processing the target packet to obtain the response packet of the target packet includes:
- the receiving the page obtaining request sent by the client, and processing the page obtaining request specifically includes:
- the method may further include:
- the receiving the page obtaining request sent by the client, processing the page obtaining request, and returning the page response to the page obtaining request to the client specifically:
- the page response encrypted with the key is returned to the client via the communication port 300 to cause the client to communicate with the first server according to the URL of the first server.
- the receiving the target packet sent by the client acquiring the destination IP address of the target packet, and saving, specifically:
- the source IP address and the source port number of the target packet are used as key values, and the destination IP address of the target packet is used as a result value to create a data table.
- the memory 200 can also be used to store the data table.
- the source IP address of the response packet is replaced by the destination IP address of the saved target packet, and the response packet is sent to the client, which specifically includes:
- the IP address as the result value is obtained from the searched data table, and the IP address is used as the source IP address of the response packet, and the response packet is sent to the client through the communication port 300.
- the processor 100 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP processor, etc.), or a digital signal processor (DSP), an application specific integrated circuit. (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component.
- CPU central processing unit
- NP processor network processor
- DSP digital signal processor
- ASIC application specific integrated circuit
- FPGA Field Programmable Gate Array
- FPGA Field Programmable Gate Array
- the disclosed apparatus and method may be implemented in other manners.
- the device embodiments described above are merely illustrative.
- the division of the unit is only a logical function division, and may be additionally implemented in actual implementation.
- Sub-systems, such as multiple units or components, may be combined or integrated into another system, or some features may be omitted or not implemented.
- the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
- the units described as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. . Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
- each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
- the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
- the above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium.
- the above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present invention. Part of the steps.
- the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the present invention relates to the technical field of communication and discloses a packet response method and apparatus. The method comprises: an access device receives a target packet sent by a client and obtains and saves a destination Internet Protocol (IP) address of the target packet; the access device processes the target packet to obtain a response packet of the target packet; the access device replaces an original IP address of the response packet with the saved destination IP address of the target packet, and sends the response packet to the client; the access device receives and processes a page acquisition request sent by the client, and returns to the client a page response to the page acquisition request, the page response comprising a uniform resource locator (URL) of a first server. Implementing the present invention obtains a preset URL of the server according to the response packet of the client and enables the client to access websites corresponding to the URL.
Description
本发明涉及通信技术领域,尤其涉及一种报文响应方法及装置。The present invention relates to the field of communications technologies, and in particular, to a message response method and apparatus.
目前,互联网已深入用户生活的方方面面,用户可通过互联网浏览网页,以获取各种信息。用户通过客户端访问网页时,客户端向网站服务器发送请求报文,其中,所述请求报文的源互联网协议(Internet Protocol,简称IP)地址为该客户端的IP地址,该请求报文的目的IP地址为该网站服务器的IP地址。当该网站服务器接收到该目标报文时,就会向客户端返回目标报文的响应报文,所述响应报文的源IP地址为该远端设备的IP地址,该响应报文的目的IP地址为该客户端的IP地址。At present, the Internet has penetrated into all aspects of user life, and users can browse the web through the Internet to obtain various information. When the user accesses the webpage through the client, the client sends a request packet to the web server, where the source Internet Protocol (IP) address of the request packet is the IP address of the client, and the purpose of the request packet is The IP address is the IP address of the website server. When the web server receives the target packet, it returns a response packet of the target packet to the client, where the source IP address of the response packet is the IP address of the remote device, and the destination of the response packet The IP address is the IP address of the client.
客户端访问互联网之前,需要通过接入设备接入网络,并通过该接入设备转发上述请求报文和响应报文。但在实际应用中,该接入设备与该网站服务器之间可能存在通信故障,这样就导致客户端无法接收到上述目标报文的响应报文,且无法访问到任何网页。Before accessing the Internet, the client needs to access the network through the access device and forward the request packet and the response packet through the access device. However, in actual applications, there may be a communication failure between the access device and the website server, so that the client cannot receive the response message of the target message and cannot access any webpage.
发明内容Summary of the invention
本发明实施例提供了一种报文响应方法及装置,能够根据客户端的目标报文获取预先配置的服务器的URL,以使客户端访问该URL对应的网页,解决了客户端在发送目标报文后无法访问到任何网页的问题。The embodiment of the present invention provides a message response method and device, which can obtain a URL of a pre-configured server according to a target message of the client, so that the client accesses the webpage corresponding to the URL, and the client is configured to send the target packet. I can't access any webpage issues afterwards.
第一方面,提供一种报文响应方法,包括:In a first aspect, a message response method is provided, including:
接入设备接收客户端发送的目标报文,获取所述目标报文的目的互联网协议IP地址并保存,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址;The access device receives the target packet sent by the client, and obtains the destination Internet Protocol IP address of the target packet, where the destination packet includes the source IP address, the source port number, and the destination IP address.
所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号;The access device processes the target packet to obtain a response packet of the target packet, where the destination IP address and the destination port number of the response packet are the source IP address and the source port of the target packet. number;
所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源
IP地址,向所述客户端发送所述响应报文;The access device replaces the source of the response packet with the saved destination IP address of the target packet
Sending the response message to the client by using an IP address;
所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的统一资源定位符URL。Receiving, by the access device, a page acquisition request sent by the client, processing the page acquisition request, and returning a page response to the page acquisition request to the client, where the page response includes the first server Uniform Resource Locator URL.
结合第一方面,在第一方面的第一种可能的实现方式中,In conjunction with the first aspect, in a first possible implementation of the first aspect,
所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,包括:The access device processes the target packet to obtain the response packet of the target packet, including:
所述接入设备用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;The access device replaces the destination IP address of the target packet with the IP address of the access device, and responds to the target packet to obtain a response packet of the target packet, where the response packet is sent. The IP address is an IP address of the access device;
相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,包括:Correspondingly, the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:
所述接入设备接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应。Receiving, by the access device, a page obtaining request sent by the client, and responding to the page obtaining request, obtaining a page response of the page obtaining request.
结合第一方面,在第一方面的第二种可能的实现方式中,In conjunction with the first aspect, in a second possible implementation of the first aspect,
所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,包括:The access device processes the target packet to obtain the response packet of the target packet, including:
所述接入设备获取第二服务器的IP地址;The access device acquires an IP address of the second server;
所述接入设备用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;The access device replaces the destination IP address of the target packet with the IP address of the second server, and sends the target packet to the second server, so that the second server responds to the target a message, and generating a response message of the target message;
所述接入设备接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址;Receiving, by the access device, the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server;
相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,包括:Correspondingly, the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:
所述接入设备接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;Receiving, by the access device, the page obtaining request, and forwarding the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request;
所述接入设备接收所述第二服务器返回的所述页面响应。The access device receives the page response returned by the second server.
结合第一方面的第一种可能的实现方式,在第一方面的第三种可能的实现方式中,在所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求之前,所述方法还包括:
In conjunction with the first possible implementation of the first aspect, in a third possible implementation manner of the first aspect, the access device receives a page acquisition request sent by the client, and processes the page acquisition request Previously, the method further includes:
所述接入设备与所述客户端进行安全套接层SSL协商,确定与所述客户端之间进行通信的密钥;The access device performs a secure socket layer SSL negotiation with the client to determine a key for communication with the client;
相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,包括:Correspondingly, the access device receives the page acquisition request sent by the client, processes the page acquisition request, and returns a page response to the page acquisition request to the client, including:
所述接入设备接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;The access device receives an HTTP GET request sent by the client and encrypted by the key, and performs decryption processing on the HTTP GET request according to the key;
所述接入设备响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;Responding to the HTTP GET request after the decryption process, the access device obtains a page response of the page acquisition request, and performs encryption processing on the page response according to the key;
所述接入设备向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。The access device returns the page response encrypted with the key to the client, so that the client communicates with the first server according to the URL of the first server.
结合第一方面,或者第一方面的第一种可能的实现方式,或者第一方面的第二种可能的实现方式,或者第一方面的第三种可能的实现方式,在第一方面的第四种可能的实现方式中,With reference to the first aspect, or the first possible implementation of the first aspect, or the second possible implementation of the first aspect, or the third possible implementation of the first aspect, in the first aspect Of the four possible implementations,
所述接入设备接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,包括:The access device receives the target packet sent by the client, obtains the destination IP address of the target packet, and saves the information, including:
所述接入设备接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;Receiving, by the access device, a target packet sent by the client, acquiring a source IP address, a source port number, and a destination IP address of the target packet;
所述接入设备将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表;The access device uses the source IP address and the source port number of the target packet as key values, and creates a data table by using the destination IP address of the target packet as a result value;
相应地,所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文,包括:Correspondingly, the access device replaces the source IP address of the response packet with the saved destination IP address of the target packet, and sends the response packet to the client, including:
所述接入设备将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;The access device uses the destination IP address and the destination port number of the response packet as key values to search for a data table corresponding to the key value;
所述接入设备从查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。The access device obtains the IP address as the result value from the searched data table, and uses the IP address as the source IP address of the response packet to send the response packet to the client.
第二方面,提供一种报文响应装置,所述装置设置于接入设备中,包括:A second aspect provides a message response apparatus, where the apparatus is disposed in an access device, and includes:
存储模块,用于接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址;a storage module, configured to receive a target packet sent by the client, obtain the destination IP address of the target packet, and save the destination IP address, the source port number, and the destination IP address;
报文处理模块,用于处理所述目标报文,以获取所述目标报文的响应报文,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口
号;a packet processing module, configured to process the target packet, to obtain a response packet of the target packet, where a destination IP address and a destination port number of the response packet are source IP addresses of the target packet Source port
number;
报文发送模块,用于用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文;a message sending module, configured to replace the source IP address of the response packet with the destination IP address of the saved target packet, and send the response packet to the client;
响应模块,用于接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的URL。a response module, configured to receive a page acquisition request sent by the client, process the page acquisition request, and return a page response to the page acquisition request to the client, where the page response includes a first server URL.
结合第二方面,在第二方面的第一种可能的实现方式中,In conjunction with the second aspect, in a first possible implementation of the second aspect,
所述报文处理模块具体用于:The packet processing module is specifically configured to:
用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;And replacing the destination IP address of the target packet with the IP address of the access device, and responding to the target packet to obtain a response packet of the target packet, where the source IP address of the response packet is IP address of the access device;
所述响应模块具体用于:The response module is specifically configured to:
接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应,并向所述客户端返回所述页面响应。Receiving a page acquisition request sent by the client, responding to the page acquisition request, obtaining a page response of the page acquisition request, and returning the page response to the client.
结合第二方面,在第二方面的第二种可能的实现方式中,In conjunction with the second aspect, in a second possible implementation of the second aspect,
所述报文处理模块包括:The packet processing module includes:
IP获取单元,用于获取第二服务器的IP地址;An IP obtaining unit, configured to acquire an IP address of the second server;
第一发送单元,用于用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;a first sending unit, configured to replace a destination IP address of the target packet with an IP address of the second server, and send the target packet to the second server, so that the second server responds to the Decoding a target message, and generating a response message of the target message;
第一接收单元,用于接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址;a first receiving unit, configured to receive the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server;
所述响应模块包括:The response module includes:
请求处理单元,用于接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;a request processing unit, configured to receive the page obtaining request, and forward the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response request of the page obtaining request;
响应处理单元,用于接收所述第二服务器返回的所述页面响应,并向所述客户端返回所述页面响应。The response processing unit is configured to receive the page response returned by the second server, and return the page response to the client.
结合第二方面的第一种可能的实现方式,在第二方面的第三种可能的实现方式中,所述装置还包括:
In conjunction with the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the device further includes:
SSL协商模块,用于与所述客户端进行SSL协商,确定与所述客户端之间进行通信的密钥;An SSL negotiation module, configured to perform SSL negotiation with the client to determine a key for communicating with the client;
所述响应模块包括:The response module includes:
第二接收单元,用于接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;a second receiving unit, configured to receive an HTTP GET request sent by the client and encrypted by the key, and perform decryption processing on the HTTP GET request according to the key;
响应获取单元,用于响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;The response obtaining unit is configured to obtain a page response of the page obtaining request in response to the decrypted HTTP GET request, and perform encryption processing on the page response according to the key;
第二发送单元,用于向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。a second sending unit, configured to return, to the client, the page response encrypted by the key, so that the client communicates with the first server according to a URL of the first server.
结合第二方面,或者第二方面的第一种可能的实现方式,或者第二方面的第二种可能的实现方式,或者第二方面的第三种可能的实现方式,在第二方面的第四种可能的实现方式中,With reference to the second aspect, or the first possible implementation of the second aspect, or the second possible implementation of the second aspect, or the third possible implementation of the second aspect, in the second aspect Of the four possible implementations,
所述存储模块包括:The storage module includes:
IP获取单元,用于接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;An IP obtaining unit, configured to receive a target packet sent by the client, and obtain a source IP address, a source port number, and a destination IP address of the target packet;
创建单元,用于将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表;a creating unit, configured to use a source IP address and a source port number of the target packet as a key value, and create a data table by using a destination IP address of the target packet as a result value;
所述报文发送模块包括:The message sending module includes:
查找单元,用于将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;a searching unit, configured to use a destination IP address and a destination port number of the response packet as key values to search for a data table corresponding to the key value;
IP转换单元,用于从所述查找单元查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。An IP conversion unit, configured to obtain an IP address as a result value from a data table searched by the searching unit, and send the IP address as a source IP address of the response packet to the client Response message.
与现有技术相比,本发明实施例具有以下有益效果:Compared with the prior art, the embodiment of the invention has the following beneficial effects:
本发明实施例可在接收到客户端发送的目标报文时,获取该目标报文的目的IP地址并保存,并获取该目标报文的响应报文,通过用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文,当接收到客户端根据该响应报文发送的页面获取请求时,即可向客户端返回包括第一服务器URL的页面响应,使得客户端能访问该URL对应的页面。
In the embodiment of the present invention, when receiving the target packet sent by the client, the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, by using the saved target packet. The destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated. When receiving the page acquisition request sent by the client according to the response packet, the destination IP address may be The client returns a page response including the first server URL, so that the client can access the page corresponding to the URL.
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings to be used in the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention. Those skilled in the art can also obtain other drawings based on these drawings without paying any creative work.
图1为本发明实施例提供的一种报文响应方法的流程示意图;FIG. 1 is a schematic flowchart of a message response method according to an embodiment of the present disclosure;
图2为本发明实施例提供的一种报文响应方法的交互示意图;FIG. 2 is a schematic diagram of interaction of a message response method according to an embodiment of the present invention;
图3为本发明实施例提供的另一种报文响应方法的交互示意图;FIG. 3 is a schematic diagram of interaction of another packet response method according to an embodiment of the present invention;
图4为本发明实施例提供的一种报文响应装置的结构示意图;FIG. 4 is a schematic structural diagram of a message response apparatus according to an embodiment of the present disclosure;
图5为本发明实施例提供的另一种报文响应装置的结构示意图;FIG. 5 is a schematic structural diagram of another message response apparatus according to an embodiment of the present disclosure;
图6为本发明实施例提供的又一种报文响应装置的结构示意图;FIG. 6 is a schematic structural diagram of still another message response apparatus according to an embodiment of the present disclosure;
图7为本发明实施例提供的一种接入设备的结构示意图。FIG. 7 is a schematic structural diagram of an access device according to an embodiment of the present invention.
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
请参阅图1,图1是本发明实施例提供的一种报文响应方法的流程示意图,包括:Referring to FIG. 1, FIG. 1 is a schematic flowchart of a message response method according to an embodiment of the present invention, including:
S101:接入设备接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存。S101: The access device receives the target packet sent by the client, obtains the destination IP address of the target packet, and saves the destination IP address.
具体实施例中,客户端通过浏览器输入想要访问的网站的统一资源定位符(Uniform Resource Locator,简称URL),向该网站对应的域名系统(Domain Name System,简称DNS)服务器发送DNS请求,并接收该DNS服务器响应该DNS请求返回的网站的IP地址。可选的,还可由接入设备代理响应该DNS请求并返回该网站的IP地址,本发明实施例不做限定。In a specific embodiment, the client inputs a Uniform Resource Locator (URL) of the website to be accessed by the browser, and sends a DNS request to the Domain Name System (DNS) server corresponding to the website. And receiving the IP address of the website returned by the DNS server in response to the DNS request. Optionally, the access device proxy may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
本发明实施例中的接入设备可以是交换机或路由器等设备。The access device in the embodiment of the present invention may be a device such as a switch or a router.
客户端在获取得该网站的IP地址即目的IP地址之后,发送目标报文。
接入设备接收客户端发送的目标报文。其中,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址。After obtaining the IP address of the website, that is, the destination IP address, the client sends the target packet.
The access device receives the target packet sent by the client. The target packet includes a source IP address, a source port number, and the destination IP address.
需要说明的是,该目标报文为超文本传输协议(Hypertext Transfer Protocol,简称HTTP)报文、超文本传输安全协议(Hypertext Transfer Protocol Secure,简称HTTPS)报文或其他应用层协议报文,如对DNS报文进行重定向时的用户数据报协议(User Datagram Protocol,简称UDP)报文。具体的,接入设备在接收到客户端发送的报文时,若检测得到该报文的传输控制协议(Transmission Control Protocol,简称TCP)目的端口号为80(HTTP报文)、443(HTTPS报文)或UDP目的端口号为53(DNS报文)等,即可将该接收的报文作为目标报文。It should be noted that the target message is a Hypertext Transfer Protocol (HTTP) message, a Hypertext Transfer Protocol Secure (HTTPS) message, or other application layer protocol message, such as User Datagram Protocol (UDP) packet when the DNS packet is redirected. Specifically, when the access device receives the packet sent by the client, the port number of the transmission control protocol (TCP) of the packet is 80 (HTTP packet) and 443 (HTTPS packet). If the port number of the UDP destination port is 53 (DNS packet), the received packet can be used as the destination packet.
S102:所述接入设备处理所述目标报文,以获取所述目标报文的响应报文。S102: The access device processes the target packet to obtain a response packet of the target packet.
其中,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号。The destination IP address and the destination port number of the response packet are the source IP address and the source port number of the target packet.
S103:所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文。S103: The access device replaces the source IP address of the response packet with the destination IP address of the saved target packet, and sends the response packet to the client.
可选的,接入设备可以通过创建数据表来保存该目标报文的目的IP地址,其中,该数据表包括关键值(KEY)和结果值(VALUE)的对应关系;该数据表可以为哈希HASH表。即所述接入设备接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,可以具体为:所述接入设备接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;将所述目标报文的源IP地址和源端口号作为KEY,并将所述目标报文的目的IP地址作为VALUE存入所述数据表中。进一步的,所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文,可以具体为:所述接入设备将所述响应报文的目的IP地址和目的端口号作为KEY,查找所述KEY对应的数据表;从查找出的数据表中获取作为VALUE的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。Optionally, the access device may save the destination IP address of the target packet by creating a data table, where the data table includes a correspondence between a key value (KEY) and a result value (VALUE); the data table may be a Greek HASH table. The access device receives the target packet sent by the client, and obtains the destination IP address of the target packet and saves the packet, where the access device receives the target packet sent by the client, and obtains the target. The source IP address, the source port number, and the destination IP address of the packet; the source IP address and the source port number of the target packet are used as KEYs, and the destination IP address of the target packet is stored as the VALUE as the VALUE. In the table. Further, the access device replaces the source IP address of the response packet with the destination IP address of the saved target packet, and sends the response packet to the client, which may be specifically: The ingress device uses the destination IP address and the destination port number of the response packet as a KEY to search for a data table corresponding to the KEY; obtains an IP address as a VALUE from the found data table, and uses the IP address as a Sending the response packet to the client by using a source IP address of the response packet.
进一步的,在所述接收客户端发送的目标报文之后,并在获取所述目标报文的目的IP地址并保存之前,接入设备还可检测所述目标报文的目的IP地址是否为第一服务器的IP地址;若不为所述第一服务器的IP地址,则将该目标报文
的目的IP地址进行存储,否则对该报文进行路由转发,不进行代答。Further, after the receiving the target packet sent by the client, and before acquiring the destination IP address of the target packet, the access device may further detect whether the destination IP address of the target packet is the first The IP address of a server; if not the IP address of the first server, the target message is
The destination IP address is stored. Otherwise, the packet is forwarded and forwarded without being picked up.
S104:所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应。S104: The access device receives a page acquisition request sent by the client, processes the page acquisition request, and returns a page response to the page acquisition request to the client.
其中,所述页面响应中包括第一服务器的URL。The page response includes a URL of the first server.
可选的,该第一服务器可为与所述接入设备相关联的服务器,所述第一服务器包括网页Web服务器、视频服务器、游戏服务器等等,本发明实施例不做限定。具体实施例中,所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,可以具体为:所述接入设备用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址。进一步的,所述接入设备中预先配置有该第一服务器的URL地址,以在接收到客户端发送的页面获取请求时响应该请求生成包含该第一服务器URL的页面响应。即所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,可以具体为:所述接入设备接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应。Optionally, the first server may be a server associated with the access device, where the first server includes a webpage web server, a video server, a game server, and the like, which are not limited in the embodiment of the present invention. In a specific embodiment, the access device processes the target packet to obtain the response packet of the target packet, which may be specifically: the access device replaces the IP address of the access device with the The destination IP address of the target packet is obtained by the destination IP address of the target packet, and the source IP address of the response packet is the IP address of the access device. Further, the access device is pre-configured with the URL address of the first server to generate a page response including the first server URL in response to the request when receiving the page acquisition request sent by the client. That is, the access device receives the page obtaining request sent by the client, and the processing of the page obtaining request may be: the access device receives a page obtaining request sent by the client, and responds to the page obtaining request. Get the page response of the page get request.
具体实施例中,若接收到的报文为HTTPS报文,在接收所述客户端根据所述响应报文发送的HTTP GET请求即页面获取请求,处理所述页面获取请求之前,接入设备还需与所述客户端进行安全套接层(Secure Sockets Layer,简称SSL)协商,并确定与所述客户端之间进行通信的密钥。具体的,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,可以具体为:所述接入设备接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;所述接入设备响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;所述接入设备向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。In an embodiment, if the received packet is an HTTPS packet, the access device is further configured to receive an HTTP GET request, that is, a page acquisition request sent by the client according to the response packet, and before processing the page acquisition request. The client needs to negotiate with a Secure Sockets Layer (SSL) and determine a key for communication with the client. Specifically, the access device receives the page obtaining request sent by the client, processes the page obtaining request, and returns a page response to the page obtaining request to the client, which may be specifically: The ingress device receives an HTTP GET request sent by the client and encrypted by the key, and decrypts the HTTP GET request according to the key; the access device responds to the decrypted HTTP GET request, Obtaining a page response of the page obtaining request, and performing encryption processing on the page response according to the key; the access device returns, to the client, the page response encrypted by the key, so that The client communicates with the first server according to the URL of the first server.
可选地,还可预先在系统中部署用于对客户端发送的HTTP报文、HTTPS报文等报文进行重定向处理的第二服务器,即重定向服务器,该第一服务器可与所述第二服务器相关联,并在该第二服务器中配置该第一服务器的URL地址。所述接入设备处理所述目标报文,以获取所述目标报文的响应报
文,可具体为:所述接入设备获取第二服务器的IP地址;所述接入设备用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;所述接入设备接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址。相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,可以具体为:所述接入设备接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;所述接入设备接收所述第二服务器返回的所述页面响应。Optionally, the second server, that is, the redirecting server, may be configured to perform redirection processing on the HTTP packet and the HTTPS packet sent by the client, where the first server may be The second server is associated, and the URL address of the first server is configured in the second server. The access device processes the target packet to obtain a response packet of the target packet
The access device may obtain the IP address of the second server; the access device replaces the destination IP address of the target packet with the IP address of the second server, and sends the second IP address to the second server. Sending, by the server, the target packet, so that the second server responds to the target packet, and generates a response packet of the target packet; and the access device receives the response returned by the second server The source IP address of the response packet is the IP address of the second server. Correspondingly, the access device receives the page obtaining request sent by the client, and the processing of the page obtaining request may be: the access device receives the page obtaining request, and forwards the request to the second server. The page obtains a request, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request; and the access device receives the page response returned by the second server.
实施本发明实施例可在接收到客户端发送的目标报文时,获取该目标报文的目的IP地址并保存,并获取该目标报文的响应报文,通过用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文,当接收到客户端根据该响应报文发送的页面获取请求时,即可向客户端返回包括第一服务器URL的页面响应,使得客户端能访问该URL对应的页面。When the embodiment of the present invention receives the target packet sent by the client, the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, and the saved target packet is saved. The destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated. When the client receives the page acquisition request sent by the response packet, A page response including the first server URL is returned to the client, so that the client can access the page corresponding to the URL.
请参阅图2,是本发明实施例提供的一种报文响应方法的交互示意图,所述方法可以包括:FIG. 2 is a schematic diagram of interaction of a message response method according to an embodiment of the present invention. The method may include:
S201:发送TCP SYN报文。S201: Send a TCP SYN packet.
具体实施例中,客户端通过浏览器输入想要访问的网站的URL,向该网站对应的DNS服务器发送DNS请求,并接收该DNS服务器响应该DNS请求返回的网站的IP地址。可选的,还可由接入设备代理响应该DNS请求并返回该网站的IP地址,本发明实施例不做限定。In a specific embodiment, the client inputs the URL of the website to be accessed through the browser, sends a DNS request to the corresponding DNS server of the website, and receives the IP address of the website returned by the DNS server in response to the DNS request. Optionally, the access device proxy may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
客户端在获取得该网站的IP地址之后,发送TCP SYN(synchronize)报文即目标报文,想要与远端网站建立TCP连接。所述TCP SYN报文的目的IP地址为该网站的IP地址,源IP地址及源端口号为该客户端对应的IP地址及端口号。After obtaining the IP address of the website, the client sends a TCP SYN (synchronize) message, that is, the target message, and wants to establish a TCP connection with the remote website. The destination IP address of the TCP SYN packet is the IP address of the website, and the source IP address and the source port number are the IP address and port number corresponding to the client.
S202:将TCP SYN报文的源IP地址和源端口号作为关键值,并将TCP SYN报文的目的IP地址作为结果值创建HASH表。S202: The source IP address and the source port number of the TCP SYN packet are used as key values, and the destination IP address of the TCP SYN packet is used as the result value to create a HASH table.
具体实施例中,接入设备接收到该TCP SYN报文后,则以该报文的源IP地址和源端口号作为关键值KEY,目的IP地址作为结果值VALUE,创
建HASH表,以存储该报文的目的IP地址,以便于后续进行IP转换时获取该目的IP地址。In a specific embodiment, after receiving the TCP SYN packet, the access device uses the source IP address and the source port number of the packet as the key value KEY, and the destination IP address as the result value VALUE.
The HASH table is created to store the destination IP address of the packet, so that the destination IP address can be obtained during subsequent IP conversion.
进一步的,在接收客户端发送的报文之后,并在创建HASH表之前,接入设备还可检测该报文该的目的IP地址是否为与预先配置的Web服务器即第一服务器的IP地址;若否,则所述接入设备可根据该报文的源IP地址及目的IP地址创建HASH表;若是,则所述接入设备对该报文进行路由转发,不进行代答。Further, after receiving the packet sent by the client, and before creating the HASH table, the access device may also detect whether the destination IP address of the packet is an IP address of the first server that is a pre-configured web server; If not, the access device may create a HASH table according to the source IP address and the destination IP address of the packet; if yes, the access device forwards the packet and does not perform the pickup.
进一步的,在接收客户端发送的报文之后,并在创建HASH表之前,所述接入设备还可判断该报文是否为TCP SYN报文;若为所述TCP SYN报文,则所述接入设备可根据该TCP SYN报文的源IP地址、端口号以及目标IP地址创建HASH表。Further, after receiving the packet sent by the client, and before creating the HASH table, the access device may further determine whether the packet is a TCP SYN packet; if the TCP SYN packet is the The access device can create a HASH table according to the source IP address, port number, and destination IP address of the TCP SYN packet.
S203:用所述接入设备的IP地址替换TCP SYN报文的目的IP地址,并响应所述TCP SYN报文,生成TCP SYN ACK报文。S203: Replace the destination IP address of the TCP SYN packet with the IP address of the access device, and generate a TCP SYN ACK packet in response to the TCP SYN packet.
进一步的,该接入设备将接入设备的IP地址作为该TCP SYN报文的目的IP地址,并重新计算该TCP SYN报文中TCP包头和IP包头的校验和。接入设备响应该TCP SYN报文生成TCP SYN ACK报文。Further, the access device uses the IP address of the access device as the destination IP address of the TCP SYN packet, and recalculates the checksum of the TCP packet header and the IP packet header in the TCP SYN packet. The access device generates a TCP SYN ACK packet in response to the TCP SYN packet.
S204:将TCP SYN ACK报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的HASH表,并从查找出的HASH表中获取作为结果值的IP地址,将所述IP地址作为TCP SYN ACK报文的源IP地址。S204: The destination IP address and the destination port number of the TCP SYN ACK packet are used as key values, and the HASH table corresponding to the key value is searched, and the IP address as the result value is obtained from the found HASH table, and the IP address is obtained. The address is the source IP address of the TCP SYN ACK packet.
S205:返回TCP SYN ACK报文。S205: Return a TCP SYN ACK message.
接入设备根据该TCP SYN ACK报文的目的IP和目的端口号,即将客户端的IP地址和端口号作为KEY,查找HASH表,获取得到该TCP SYN报文的目的IP地址即该KEY对应的VALUE,并将该VALUE对应的IP地址作为发送该TCP SYN ACK报文的源IP地址,重新计算该TCP SYN ACK报文中TCP包头和IP包头的校验和后发送给客户端,从而实现IP地址转换。The access device searches for the HASH table according to the destination IP address and the destination port number of the TCP SYN ACK packet, and the IP address and the port number of the client are used as the KEY. The destination IP address of the TCP SYN packet is the VALUE corresponding to the KEY. And the IP address corresponding to the VALUE is used as the source IP address of the TCP SYN ACK packet, and the checksum of the TCP header and the IP header in the TCP SYN ACK packet is recalculated and sent to the client, thereby implementing the IP address. Conversion.
需要说明的是,在该重定向即报文响应过程中,对于后续接收到的HTTP报文、HTTPS报文、DNS报文等报文,即TCP目的端口号为80、443或UDP目的端口号为53的报文,接入设备均可通过上述的HASH表方式进行IP地址转换,并回复客户端报文,后续不再赘述。It should be noted that, in the process of the redirection, that is, the response of the packet, the destination port number of the HTTP packet, the HTTPS packet, the DNS packet, etc., that is, the destination port number of the TCP is 80, 443 or UDP. For the packet of 53, the access device can perform IP address translation through the HASH table and reply to the client packet.
S206:发送TCP ACK报文。
S206: Send a TCP ACK packet.
S207:接入设备与客户端进行SSL协商,确定所述接入设备与所述客户端之间进行通信的密钥。S207: The access device performs SSL negotiation with the client, and determines a key for communication between the access device and the client.
具体实施例中,接入设备和客户端进行SSL协商过程中,接入设备会和客户端协商证书,确定该接入设备与该客户端之间进行通信的密钥。In the specific embodiment, during the SSL negotiation process between the access device and the client, the access device negotiates a certificate with the client to determine a key for communication between the access device and the client.
S208:发送HTTP GET请求。S208: Send an HTTP GET request.
S209:对所述HTTP GET请求进行SSL处理,生成TCP FIN报文,所述TCP FIN报文包括Web服务器的URL。S209: Perform SSL processing on the HTTP GET request to generate a TCP FIN packet, where the TCP FIN packet includes a URL of the web server.
具体实施例中,接入设备与客户端进行SSL协商之后,客户端根据该SSL协商确定的密钥对HTTPS GET请求即页面获取请求进行加密,并将加密的HTTPS GET请求报文发送给接入设备。In the specific embodiment, after the access device performs SSL negotiation with the client, the client encrypts the HTTPS GET request, that is, the page acquisition request, according to the key determined by the SSL negotiation, and sends the encrypted HTTPS GET request packet to the access. device.
S210:返回TCP FIN报文。S210: Return a TCP FIN message.
接入设备接收到该加密的HTTPS GET请求报文之后,需根据该SSL协商确定的密钥对该HTTPS GET请求报文进行解密处理,从而获取得到明文数据,并响应该HTTPS GET请求生成重定向报文TCP FIN即页面响应,该TCP FIN报文可具体为HTTP 301响应报文或HTTP 302响应报文,该TCP FIN报文包括预先配置的Web服务器即第一服务器的URL,以使该客户端根据该URL与该Web服务器进行通信。同时将TCP的标记位置为FIN,关闭客户端与接入设备之间的链接。具体的,向客户端返回该TCP FIN之前,接入设备还可通过该协商的密钥对该TCP FIN报文进行加密,客户端在接收到该TCP FIN报文时,根据该协商的密钥对该TCP FIN报文进行解密处理,从而获得明文数据。After receiving the encrypted HTTPS GET request packet, the access device decrypts the HTTPS GET request packet according to the key determined by the SSL negotiation, thereby obtaining the plaintext data, and generating a redirect in response to the HTTPS GET request. The TCP FIN packet is a page response. The TCP FIN packet may be an HTTP 301 response packet or an HTTP 302 response packet. The TCP FIN packet includes a pre-configured web server, that is, a URL of the first server, so that the client The terminal communicates with the web server according to the URL. At the same time, the TCP tag location is FIN, and the link between the client and the access device is closed. Specifically, before returning the TCP FIN to the client, the access device may further encrypt the TCP FIN packet by using the negotiated key, and the client receives the TCP FIN packet according to the negotiated key. The TCP FIN message is decrypted to obtain plaintext data.
S211:发送TCP ACK报文。S211: Send a TCP ACK packet.
S212:发送TCP FIN报文。S212: Send a TCP FIN message.
S213:返回TCP ACK报文。S213: Return a TCP ACK packet.
具体实施例中,客户端收到接入设备返回的TCP FIN报文后,会先后回复ACK与FIN报文,接入设备响应该ACK与FIN报文并回复ACK报文。In the specific embodiment, after receiving the TCP FIN message returned by the access device, the client replies with the ACK and the FIN message, and the access device responds to the ACK and FIN message and replies with the ACK message.
进一步的,所述HASH表中还可包括该接入设备与所述客户端的连接状态信息,当接收到所述客户端发送的报文或向所述客户端发送报文时,则可更新所述HASH表中记录的接入设备与所述客户端的连接状态信息,以对所述HASH
表进行管理。例如,该连接状态信息可包括初始状态Initial、重定向状态Redirect、FIN报文接收状态FIN Received、FIN报文发送状态FIN Sent、连接关闭状态closed等等。举例来说,该创建的HASH表可如表一所示。Further, the HASH table may further include connection state information of the access device and the client, and may update the device when receiving the packet sent by the client or sending the packet to the client. Determining the connection status information of the access device and the client recorded in the HASH table, to the HASH
The table is managed. For example, the connection status information may include an initial status Initial, a redirect status Redirect, a FIN message receiving status FIN Received, a FIN message sending status FIN Sent, a connection closed status closed, and the like. For example, the created HASH table can be as shown in Table 1.
表一Table I
具体的,接入设备可在接收到客户端发送的TCP SYN报文时,将接入设备与客户端的连接状态信息记录为Initial;接入设备在发出重定向报文时,将连接状态信息更新为Redirect,在接收到客户端发送的TCP FIN报文时,将连接状态信息更新为FIN_Received,并在响应客户端发送的FIN报文回复TCP ACK报文时,将连接状态信息更新为Closed。若接入设备检测到HASH表中记录的连接状态信息为closed,即可判断接入设备与客户端之间的连接状态为关闭状态,则可删除该HASH表。Specifically, the access device may record the connection state information of the access device and the client as Initial when receiving the TCP SYN packet sent by the client, and update the connection state information when the access device sends the redirect message. For the Redirect, when receiving the TCP FIN packet sent by the client, the connection status information is updated to FIN_Received, and the connection status information is updated to Closed when the FIN message sent by the client responds with a TCP ACK message. If the access device detects that the connection status information recorded in the HASH table is closed, it can determine that the connection status between the access device and the client is off, and the HASH table can be deleted.
需要说明的是,正常情况下,一条HASH连接表项处于Closed状态时,即可删除该HASH表,释放资源。但在某些异常情况下,例如物理链路丢包导致HASH连接表项没有正常被删除,则可采取用新的HASH表覆盖老的HASH表的方法来删除老的HASH表。具体的,可预先设置每一个HASH表允许冲突的条目数,例如HASH表的总长度为512(即HASH表索引的范围),若设置允许冲突4次,则HASH表即有512*4的总规格。当每次有新的连接请求建立时,若计算出HASH表的索引已经有了4个连接,则使用新的连接覆盖最早的连接。It should be noted that, under normal circumstances, when a HASH connection entry is in the Closed state, the HASH table can be deleted and the resources are released. However, in some abnormal situations, such as the physical link loss, the HASH connection entry is not deleted normally. You can use the new HASH table to overwrite the old HASH table to delete the old HASH table. Specifically, the number of entries allowed for each HASH table may be preset. For example, the total length of the HASH table is 512 (ie, the range of the HASH table index). If the conflict is set to 4 times, the HASH table has a total of 512*4. specification. Whenever a new connection request is established, if it is calculated that the index of the HASH table already has 4 connections, the oldest connection is overwritten with the new connection.
S214:发送TCP SYN报文。S214: Send a TCP SYN packet.
S215:返回TCP SYN ACK报文。S215: Return a TCP SYN ACK message.
S216:发送TCP ACK报文。S216: Send a TCP ACK packet.
客户端发起与Web服务器的TCP连接,根据该URL重定向到该Web服务器,与该Web服务器进行通信,Web服务器向该客户端推送页面。例如,该Web服务器为Portal服务器,客户端发起与该Portal服务器的TCP连接之后,该Portal服务器即可向客户端推送认证页面。
The client initiates a TCP connection with the web server, redirects to the web server according to the URL, communicates with the web server, and the web server pushes the page to the client. For example, the web server is a portal server, and after the client initiates a TCP connection with the portal server, the portal server can push the authentication page to the client.
需要说明的是,对到达指定Web服务器的IP报文,接入设备不做上述重定向处理,而直接转发该IP报文至该Web服务器。It should be noted that, for the IP packet that reaches the specified web server, the access device does not perform the above redirection process, and directly forwards the IP packet to the web server.
实施本发明实施例可在接收到客户端发送的TCP SYN报文即目标报文时,根据该SYN报文的源IP地址及源端口号创建HASH表,以存储该报文的目的IP地址,并将接入设备的IP地址作为所述目标报文的目的IP地址,从而响应该目标报文生成响应报文,然后将从HASH表中查找出的该目的IP地址作为该响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文,并通过接收客户端根据该响应报文发送的经过SSL协商的HTTP GET请求,对该HTTP GET请求进行SSL处理后,向客户端回复预先配置的Web服务器的URL,从而实现对HTTPS报文的重定向,使得客户端能访问该URL对应的网页。When the embodiment of the present invention receives the TCP SYN packet, that is, the target packet, the HASH table is created according to the source IP address and the source port number of the SYN packet, so as to store the destination IP address of the packet. And the IP address of the access device is used as the destination IP address of the target packet, and the response packet is generated in response to the target packet, and then the destination IP address that is found in the HASH table is used as the source of the response packet. The IP address is sent to the client after the IP address is translated, and the HTTP GET request sent by the client according to the response message is sent to the client, and the HTTP GET request is processed by SSL. The client replies to the URL of the pre-configured web server, so that the HTTPS message is redirected, so that the client can access the webpage corresponding to the URL.
请参阅图3,是本发明实施例提供的另一种报文响应方法的交互示意图,所述方法可以包括:FIG. 3 is a schematic diagram of interaction of another packet response method according to an embodiment of the present invention. The method may include:
S301:发送TCP SYN报文。S301: Send a TCP SYN packet.
具体实施例中,客户端通过浏览器输入想要访问的网站的URL,向该网站对应的DNS服务器发送DNS请求,获取该网站的IP地址,并向接入设备发送TCP SYN报文即目标报文。In a specific embodiment, the client inputs the URL of the website to be accessed through the browser, sends a DNS request to the corresponding DNS server of the website, obtains the IP address of the website, and sends a TCP SYN message to the access device, that is, the target report. Text.
S302:将TCP SYN报文的源IP地址和源端口号作为关键值,并将TCP SYN报文的目的IP地址作为结果值创建HASH表。S302: The source IP address and the source port number of the TCP SYN packet are used as key values, and the destination IP address of the TCP SYN packet is used as the result value to create a HASH table.
具体实施例中,接入设备接收到该TCP SYN报文后,则以该报文的源IP地址和源端口号作为关键值KEY,目的IP地址作为结果值VALUE,创建HASH表,存储该报文的目的IP地址,以便于后续进行IP转换时获取该目的IP地址。In a specific embodiment, after receiving the TCP SYN packet, the access device uses the source IP address and the source port number of the packet as the key value KEY, and the destination IP address as the result value VALUE, creates a HASH table, and stores the report. The destination IP address of the text is used to obtain the destination IP address for subsequent IP conversion.
S303:用重定向服务器的IP地址替换TCP SYN报文的目的IP地址,发送TCP SYN报文。S303: Replace the destination IP address of the TCP SYN packet with the IP address of the redirecting server, and send a TCP SYN packet.
可选地,还可预先在系统中部署用于对客户端发送的HTTP报文、HTTPS报文、DNS报文等报文进行重定向处理的重定向服务器即第二服务器,使得在该重定向服务器存储的Web服务器即第一服务器的URL能够灵活配置。Optionally, the redirecting server, that is, the second server, configured to redirect the HTTP packets, the HTTPS packets, the DNS packets, and the like sent by the client, may be deployed in the system, so that the redirecting The web server stored in the server, that is, the URL of the first server can be flexibly configured.
具体的,接入设备创建HASH表即存储TCP SYN报文的目的IP地址
之后,可将重定向服务器的IP地址作为TCP SYN报文的目的IP地址,并重新计算该TCP SYN报文中TCP包头和IP包头的校验和之后,将该TCP SYN报文发送至重定向服务器,由该重定向服务器进行报文处理。Specifically, the access device creates a HASH table, that is, stores the destination IP address of the TCP SYN packet.
After that, the IP address of the redirect server is used as the destination IP address of the TCP SYN packet, and the checksum of the TCP header and the IP header in the TCP SYN packet is recalculated, and the TCP SYN packet is sent to the redirect. The server performs packet processing by the redirect server.
S304:响应所述目标报文,并生成TCP SYN ACK报文。S304: Respond to the target packet, and generate a TCP SYN ACK packet.
S305:返回TCP SYN ACK报文。S305: Return a TCP SYN ACK message.
具体实施例中,重定向服务器在接收到接入设备发送的TCP SYN报文之后,响应该报文并生成TCP SYN ACK报文,将该TCP SYN ACK报文返回至接入设备。该TCP SYN ACK报文的目的IP地址及目的端口号为该客户端对应的IP地址及端口号。In a specific embodiment, after receiving the TCP SYN packet sent by the access device, the redirecting server responds to the packet and generates a TCP SYN ACK packet, and returns the TCP SYN ACK packet to the access device. The destination IP address and destination port number of the TCP SYN ACK packet are the IP address and port number corresponding to the client.
S306:从HASH表中查找作为结果值的IP地址,将查找出的IP地址作为TCP SYN ACK报文的源IP地址。S306: Find the IP address as the result value from the HASH table, and use the found IP address as the source IP address of the TCP SYN ACK packet.
S307:返回TCP SYN ACK报文。S307: Return a TCP SYN ACK message.
具体实施例中,接入设备接收重定向服务器返回的TCP SYN ACK报文即响应报文,并根据该TCP SYN ACK报文的目的IP地址和目的端口号,即将客户端的IP地址和端口号作为KEY,查找HASH表,获取得到该TCP SYN报文的目的IP地址即该KEY对应的VALUE,并将该VALUE对应的IP地址作为发送该TCP SYN ACK报文的源IP地址,重新计算该TCP SYN ACK报文中TCP包头和IP包头的校验和后发送给客户端,从而实现IP地址转换。In a specific embodiment, the access device receives the TCP SYN ACK packet, which is a response packet, and responds to the destination IP address and destination port number of the TCP SYN ACK packet, that is, the IP address and port number of the client are used as KEY, find the HASH table, obtain the destination IP address of the TCP SYN packet, that is, the VALUE corresponding to the KEY, and use the IP address corresponding to the VALUE as the source IP address of the TCP SYN ACK packet, and recalculate the TCP SYN. The checksum of the TCP header and the IP header in the ACK packet is sent to the client, thereby implementing IP address translation.
需要说明的是,在该重定向过程中,对于后续接收到的HTTP报文、HTTPS报文、DNS报文等报文,即TCP目的端口号为80、443或UDP目的端口号为53的报文,接入设备均可通过上述处理将该接收报文的目的IP地址替换为重定向服务器的IP地址,并将该报文转发给重定向服务器,由重定向服务器进行响应后将响应报文发送给接入设备,接入设备根据上述的HASH表方式进行IP地址转换,将HASH中存储的该接收报文的目的IP地址作为响应报文的源IP地址后,将该响应报文发送给客户端,后续不再赘述。It should be noted that, in the redirection process, the packets of the HTTP port, the HTTPS packet, the DNS packet, and the like, that is, the TCP destination port number is 80, 443, or the UDP destination port number is 53. The access device can replace the destination IP address of the received packet with the IP address of the redirecting server, and forward the packet to the redirecting server. The responding server responds to the packet after responding. Sending to the access device, the access device performs IP address translation according to the HASH table, and sends the response packet to the source IP address of the response packet. The client will not go into details later.
S308:发送TCP ACK报文。S308: Send a TCP ACK packet.
S309:发送TCP ACK报文。S309: Send a TCP ACK packet.
S310:发送HTTP GET请求。S310: Send an HTTP GET request.
S311:发送HTTP GET请求。
S311: Send an HTTP GET request.
S312:响应HTTP GET请求,生成TCP FIN报文,所述TCP FIN报文包括Web服务器的URL。S312: Generate a TCP FIN message in response to the HTTP GET request, where the TCP FIN message includes a URL of the web server.
可选地,在客户端发送该HTTP GET请求即页面获取请求之前,重定向服务器还可与客户端进行SSL协商,确定该重定向服务器与客户端之间进行通信的密钥。进一步的,客户端可根据该SSL协商确定的密钥对HTTPS GET请求进行加密,并通过接入设备将加密的HTTP GET请求发送至重定向服务器。Optionally, before the client sends the HTTP GET request, that is, the page acquisition request, the redirect server may further perform SSL negotiation with the client to determine a key for communication between the redirect server and the client. Further, the client may encrypt the HTTPS GET request according to the key determined by the SSL negotiation, and send the encrypted HTTP GET request to the redirect server through the access device.
进一步的,重定向服务器接收到该加密的HTTPS GET请求报文之后,需根据该SSL协商确定的密钥对该HTTPS GET请求报文进行解密处理,从而获取得到明文数据,并响应该HTTPS GET请求生成重定向报文TCP FIN即页面响应,该TCP FIN报文可具体为HTTP 301响应报文或HTTP 302响应报文,该TCP FIN报文包括预先配置的Web服务器的URL,以使该客户端根据该URL与该Web服务器进行通信。Further, after receiving the encrypted HTTPS GET request packet, the redirecting server decrypts the HTTPS GET request packet according to the key determined by the SSL negotiation, thereby obtaining the plaintext data, and responding to the HTTPS GET request. The TCP FIN message is generated by the redirection packet. The TCP FIN packet may be an HTTP 301 response packet or an HTTP 302 response packet. The TCP FIN packet includes a pre-configured URL of the web server to enable the client. Communicate with the web server based on the URL.
需要说明的是,该重定向服务器中的Web服务器的URL可根据用户需求进行灵活配置。It should be noted that the URL of the web server in the redirect server can be flexibly configured according to user requirements.
S313:返回TCP FIN报文。S313: Return a TCP FIN message.
S314:返回TCP FIN报文。S314: Return a TCP FIN message.
S315:发送TCP ACK报文。S315: Send a TCP ACK packet.
S316:发送TCP ACK报文。S316: Send a TCP ACK packet.
S317:发送TCP FIN报文。S317: Send a TCP FIN message.
S318:发送TCP FIN报文。S318: Send a TCP FIN message.
S319:返回TCP ACK报文。S319: Return a TCP ACK message.
S320:返回TCP ACK报文。S320: Return a TCP ACK packet.
具体实施例中,客户端收到接入设备返回的TCP FIN报文后,会先后回复ACK与FIN报文。接入设备接收到客户端发送的TCP FIN报文之后,可将该TCP FIN报文的目的IP地址替换为重定向服务器的IP地址,并转发给重定向服务器。重定向服务器响应该TCP FIN报文并回复ACK,将回复的TCP ACK报文返回至接入设备,接入设备向客户端回复该TCP ACK报文。In a specific embodiment, after receiving the TCP FIN message returned by the access device, the client replies with an ACK and a FIN message. After receiving the TCP FIN packet sent by the client, the access device can replace the destination IP address of the TCP FIN packet with the IP address of the redirect server and forward it to the redirect server. The redirecting server responds to the TCP FIN packet and replies with an ACK, and returns the replied TCP ACK packet to the access device, and the access device replies to the TCP ACK packet to the client.
S321:发送TCP SYN报文。
S321: Send a TCP SYN packet.
S322:返回TCP SYN ACK报文。S322: Return a TCP SYN ACK message.
S323:发送TCP ACK报文。S323: Send a TCP ACK packet.
具体实施例中,客户端接收到接入设备返回的包含Web服务器的URL的重定向报文之后,即可发起与该Web服务器的TCP连接,根据该URL重定向到该Web服务器,与该Web服务器进行通信。In a specific embodiment, after receiving the redirect message including the URL of the web server returned by the access device, the client may initiate a TCP connection with the web server, and redirect to the web server according to the URL, and the web The server communicates.
实施本发明实施例通过在系统中部署重定向服务器即第二服务器来实现对HTTP报文、HTTPS报文等报文的重定向,使得能够在该重定向服务器中对需要重定向到的Web服务器的URL进行灵活配置,同时通过部署重定向服务器还在一定程度上减轻了接入设备的负载,可有效地实现对HTTP报文、HTTPS报文等报文的重定向,使得客户端能访问该URL对应的网页。The embodiment of the present invention implements the redirection of the packets such as the HTTP packet and the HTTPS packet by deploying the redirecting server, that is, the second server, so that the redirected server can be redirected to the web server. The URL is flexibly configured. At the same time, the deployment of the redirect server also reduces the load on the access device to a certain extent. It can effectively redirect packets such as HTTP packets and HTTPS packets, so that the client can access the URL. The web page corresponding to the URL.
请参阅图4,是本发明实施例提供的一种报文响应装置的结构示意图,所述装置可包括存储模块11、报文处理模块12、报文发送模块13以及响应模块14。FIG. 4 is a schematic structural diagram of a message response apparatus according to an embodiment of the present invention. The apparatus may include a storage module 11, a message processing module 12, a message sending module 13, and a response module 14.
本发明实施例的所述装置可具体设置于交换机、路由器等接入设备中。The device in the embodiment of the present invention may be specifically configured in an access device such as a switch or a router.
所述存储模块11,用于接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存。The storage module 11 is configured to receive a target packet sent by the client, obtain a destination IP address of the target packet, and save the destination IP address.
其中,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址。The target packet includes a source IP address, a source port number, and the destination IP address.
具体实施例中,客户端通过浏览器输入想要访问的网站的URL,并获取得到该网站的IP地址,向该网站对应的DNS服务器发送DNS请求,并接收该DNS服务器响应该DNS请求返回的网站的IP地址。可选的,还可由接入设备代理响应该DNS请求并返回该网站的IP地址,本发明实施例不做限定。In a specific embodiment, the client inputs the URL of the website that is to be accessed through the browser, obtains the IP address of the website, sends a DNS request to the corresponding DNS server of the website, and receives the DNS server returns in response to the DNS request. The IP address of the website. Optionally, the access device proxy may also respond to the DNS request and return the IP address of the website, which is not limited by the embodiment of the present invention.
客户端在获取得该网站的IP地址即目的IP地址之后,发送目标报文。存储模块11接收客户端发送的目标报文,并保存该目标报文的目的IP地址。After obtaining the IP address of the website, that is, the destination IP address, the client sends the target packet. The storage module 11 receives the target packet sent by the client, and saves the destination IP address of the target packet.
需要说明的是,该目标报文为HTTP报文、HTTPS报文或其他应用层协议报文,如对DNS报文进行重定向时的UDP报文。具体的,接入设备在接收到客户端发送的报文时,若检测得到该报文的TCP目的端口号为80(HTTP报文)、443(HTTPS报文)或UDP目的端口号为53(DNS报文)等,即可将该接收的报文作为目标报文。It should be noted that the target packet is an HTTP packet, an HTTPS packet, or another application layer protocol packet, such as a UDP packet when the DNS packet is redirected. Specifically, the access device receives the packet sent by the client, and if the TCP port number of the packet is 80 (HTTP packet), 443 (HTTPS packet), or UDP destination port number is 53 ( The received packet is used as the destination packet.
所述报文处理模块12,用于处理所述目标报文,以获取所述目标报文的响
应报文。The message processing module 12 is configured to process the target packet to obtain the response of the target packet
Should be a message.
其中,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号。The destination IP address and the destination port number of the response packet are the source IP address and the source port number of the target packet.
可选的,报文处理模块12可以通过创建数据表来保存该目标报文的目的IP地址,其中,该数据表包括关键值(KEY)和结果值(VALUE)的对应关系,比如将所述目标报文的源IP地址和源端口号作为KEY,并将所述目标报文的目的IP地址作为VALUE存入所述数据表中。该数据表可以为哈希HASH表。Optionally, the message processing module 12 may save the destination IP address of the target packet by creating a data table, where the data table includes a correspondence between a key value (KEY) and a result value (VALUE), such as The source IP address and the source port number of the target packet are used as the KEY, and the destination IP address of the target packet is stored in the data table as a VALUE. The data table can be a hash HASH table.
所述报文发送模块13,用于用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文。The message sending module 13 is configured to replace the source IP address of the response packet with the saved destination IP address of the target packet, and send the response packet to the client.
具体实施例中,报文处理模块12响应该接收到的目标报文并获取响应报文之后,还可通过报文发送模块13将该保存的目标报文的目的IP地址作为该响应报文的源IP地址,并向所述客户端发送所述响应报文。In a specific embodiment, after the message processing module 12 responds to the received target message and obtains the response message, the message sending module 13 can also use the destination IP address of the saved target message as the response message. Source IP address, and send the response message to the client.
所述响应模块14,用于接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的URL。The response module 14 is configured to receive a page acquisition request sent by the client, process the page acquisition request, and return a page response to the page acquisition request to the client, where the page response includes The URL of a server.
可选的,该第一服务器可为与所述接入设备相关联的服务器,所述第一服务器包括网页Web服务器、视频服务器、游戏服务器等等,本发明实施例不做限定。其中,所述接入设备中预先配置有该第一服务器的URL地址。Optionally, the first server may be a server associated with the access device, where the first server includes a webpage web server, a video server, a game server, and the like, which are not limited in the embodiment of the present invention. The URL address of the first server is pre-configured in the access device.
进一步的,响应模块14在接收到客户端根据该响应报文发送的页面获取请求如HTTP GET请求之后,即可对该HTTP GET请求进行重定向处理,得到页面响应,向客户端返回需要重定向到的Web服务器的URL。Further, after receiving the page acquisition request sent by the client according to the response message, such as an HTTP GET request, the response module 14 may perform a redirect process on the HTTP GET request to obtain a page response, and return a redirect to the client. The URL to the web server.
实施本发明实施例可在接收到客户端发送的目标报文时,获取该目标报文的目的IP地址并保存,并获取该目标报文的响应报文,通过用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文,当接收到客户端根据该响应报文发送的页面获取请求时,即可向客户端返回包括第一服务器URL的页面响应,使得客户端能访问该URL对应的页面。When the embodiment of the present invention receives the target packet sent by the client, the destination IP address of the target packet is obtained and saved, and the response packet of the target packet is obtained, and the saved target packet is saved. The destination IP address is replaced with the source IP address of the response packet, and the response packet is sent to the client after the IP address is translated. When the client receives the page acquisition request sent by the response packet, A page response including the first server URL is returned to the client, so that the client can access the page corresponding to the URL.
请参阅图5,是本发明实施例提供的另一种报文响应装置的结构示意图,在图4所示基础上,所述报文处理模块12可以具体用于:FIG. 5 is a schematic structural diagram of another packet response apparatus according to an embodiment of the present invention. The packet processing module 12 may be specifically configured to:
用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标
报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;Replacing the destination IP address of the target packet with the IP address of the access device, responding to the target
Receiving a response packet of the target packet, the source IP address of the response packet being an IP address of the access device;
所述响应模块14可以具体用于:The response module 14 can be specifically configured to:
接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应,并向所述客户端返回所述页面响应。Receiving a page acquisition request sent by the client, responding to the page acquisition request, obtaining a page response of the page acquisition request, and returning the page response to the client.
进一步的,所述装置还可以包括:Further, the device may further include:
SSL协商模块15,用于与所述客户端进行SSL协商,确定与所述客户端之间进行通信的密钥;The SSL negotiation module 15 is configured to perform SSL negotiation with the client to determine a key for communication with the client.
所述响应模块14可进一步包括:The response module 14 can further include:
第二接收单元141,用于接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;The second receiving unit 141 is configured to receive an HTTP GET request sent by the client and encrypted by the key, and perform decryption processing on the HTTP GET request according to the key;
响应获取单元142,用于响应解密处理后的所述HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;The response obtaining unit 142 is configured to obtain a page response of the page obtaining request in response to the HTTP GET request after the decryption process, and perform encryption processing on the page response according to the key;
第二发送单元143,用于向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。The second sending unit 143 is configured to return, to the client, the page response encrypted by the key, so that the client communicates with the first server according to the URL of the first server.
具体实施例中,若接收的报文为HTTPS报文,在进行重定向处理之前,还可通过SSL协商模块15与客户端进行SSL协商,和客户端协商证书,并确定该接入设备与该客户端之间进行通信的密钥。具体的,在进行重定向处理时,可通过第二接收单元141接收客户端发送的经过该SSL协商密钥加密的HTTP GET请求,对该HTTP GET请求进行SSL处理,解密成明文数据。响应获取单元142即可响应该HTTP GET请求,生成重定向报文即页面响应,并用所述密钥对该重定向报文进行加密后通过第二发送单元143将该重定向报文回复给客户端,以使所述客户端根据所述Web服务器的URL与所述Web服务器进行通信,将客户端请求重定向到该Web服务器。In the specific embodiment, if the received packet is an HTTPS packet, the SSL negotiation module 15 may perform SSL negotiation with the client, negotiate the certificate with the client, and determine the access device and the The key for communication between clients. Specifically, when performing the redirection process, the second receiving unit 141 may receive an HTTP GET request sent by the client and encrypted by the SSL negotiation key, and perform SSL processing on the HTTP GET request to decrypt the plaintext data. The response obtaining unit 142 can respond to the HTTP GET request, generate a redirect message, that is, a page response, and encrypt the redirect message with the key, and then reply the redirect message to the client by using the second sending unit 143. Ending, so that the client communicates with the web server according to the URL of the web server, and redirects the client request to the web server.
实施本发明实施例可在接入设备接收到客户端发送的目标报文后,存储该报文的目的IP地址,并将该接入设备的IP地址作为所述目标报文的目的IP地址,从而响应该目标报文生成响应报文,然后将该存储的目的IP地址作为该响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文;通过与客户端进行SSL协商,接收客户端根据该响应报文发送的经过SSL协商的HTTP GET请求,并对该HTTP GET请求进行SSL
处理后,向客户端回复预先配置的的Web服务器的URL,从而实现对HTTPS报文的重定向,使得客户端能访问该URL对应的网页。After the access device receives the target packet sent by the client, the access device stores the destination IP address of the packet, and uses the IP address of the access device as the destination IP address of the target packet. And generating a response packet in response to the target packet, and then using the stored destination IP address as the source IP address of the response packet, performing IP address translation, and sending the response packet to the client; SSL negotiation, receiving an SSL-negoed HTTP GET request sent by the client according to the response packet, and performing SSL on the HTTP GET request
After the processing, the URL of the pre-configured web server is returned to the client, so that the HTTPS packet is redirected, so that the client can access the webpage corresponding to the URL.
请参阅图6,是本发明实施例提供的又一种报文响应装置的结构示意图,在图4所示基础上,所述报文处理模块12可以进一步包括:FIG. 6 is a schematic structural diagram of another packet response apparatus according to an embodiment of the present invention. The packet processing module 12 may further include:
IP获取单元121,用于获取第二服务器的IP地址;The IP obtaining unit 121 is configured to acquire an IP address of the second server.
第一发送单元122,用于用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;The first sending unit 122 is configured to replace the destination IP address of the target packet with an IP address of the second server, and send the target packet to the second server, so that the second server responds Decoding a target packet, and generating a response packet of the target packet;
第一接收单元123,用于接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址。The first receiving unit 123 is configured to receive the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server.
可选地,还可预先在系统中部署用于对客户端发送的HTTP报文、HTTPS报文等报文进行重定向处理的重定向服务器即第二服务器,该第一服务器可与所述第二服务器相关联,并在该第二服务器中配置该第一服务器的URL地址,使得在该第二服务器存储的Web服务器的URL能够灵活配置。Optionally, the redirecting server, that is, the second server, configured to redirect the HTTP packets and the HTTPS packets sent by the client, may be deployed in the system. The second server is associated, and the URL address of the first server is configured in the second server, so that the URL of the web server stored in the second server can be flexibly configured.
具体的,存储模块11将目标报文的目的IP地址进行存储之后,即可通过IP获取单元121获取第二服务器的IP地址,第一发送单元122将该第二服务器的IP地址作为目标报文的目的IP地址,并重新计算该目标报文中TCP包头和IP包头的校验和之后,将该目标报文发送至第二服务器,由该第二服务器进行报文处理,并生成该目标报文的响应报文。第一接收单元123接收该第二服务器返回的响应报文。Specifically, after the storage module 11 stores the destination IP address of the target packet, the IP address of the second server is obtained by the IP obtaining unit 121, and the first sending unit 122 uses the IP address of the second server as the target packet. After the destination IP address is recalculated, and the checksum of the TCP packet header and the IP header in the target packet is recalculated, the target packet is sent to the second server, and the second server performs packet processing and generates the target packet. The response message of the text. The first receiving unit 123 receives the response message returned by the second server.
进一步的,在本发明实施例中,所述响应模块14可包括:Further, in the embodiment of the present invention, the response module 14 may include:
请求处理单元144,用于接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;The request processing unit 144 is configured to receive the page obtaining request, and forward the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request. ;
响应处理单元145,用于接收所述第二服务器返回的所述页面响应,并向所述客户端返回所述页面响应。The response processing unit 145 is configured to receive the page response returned by the second server, and return the page response to the client.
可选地,在客户端发送该页面获取单元如HTTP GET请求之前,第二服务器还可与客户端进行SSL协商,确定该第二服务器与客户端之间进行通信的密钥。进一步的,客户端可根据该SSL协商确定的密钥对HTTP GET请求进行加密,并发送给接入设备,接入设备即可通过请求处理单元144将
加密的HTTP GET请求发送至第二服务器,以使该第二服务器对该HTTP GET请求进行SSL处理,并生成包含需要重定向到的第一服务器如Web服务器的URL的页面响应。响应处理单元145接收该第二服务器返回的页面响应。Optionally, before the client sends the page obtaining unit, such as an HTTP GET request, the second server may further perform SSL negotiation with the client to determine a key for communication between the second server and the client. Further, the client may encrypt the HTTP GET request according to the key determined by the SSL negotiation, and send the request to the access device, and the access device may pass the request processing unit 144.
The encrypted HTTP GET request is sent to the second server to cause the second server to perform SSL processing on the HTTP GET request and generate a page response containing the URL of the first server, such as the web server, that needs to be redirected. The response processing unit 145 receives the page response returned by the second server.
需要说明的是,该第二服务器中的Web服务器的URL可根据用户需求进行灵活配置。It should be noted that the URL of the web server in the second server can be flexibly configured according to user requirements.
实施本发明实施例通过在系统中部署重定向服务器即第二服务器来实现对HTTP报文或HTTPS报文等报文的重定向,使得能够在该重定向服务器中对需要重定向到的Web服务器的URL进行灵活配置,同时通过部署重定向服务器还在一定程度上减轻了接入设备的负载,可有效地实现对HTTP报文、HTTPS报文等报文的重定向,使得客户端能访问该URL对应的网页。The embodiment of the present invention implements redirection of packets such as HTTP packets or HTTPS packets by deploying a redirect server, that is, a second server, so that a redirected server can be redirected to the web server. The URL is flexibly configured. At the same time, the deployment of the redirect server also reduces the load on the access device to a certain extent. It can effectively redirect packets such as HTTP packets and HTTPS packets, so that the client can access the URL. The web page corresponding to the URL.
进一步的,在图4或图5或图6所示基础上,所述存储模块11还可以包括:Further, on the basis of FIG. 4 or FIG. 5 or FIG. 6, the storage module 11 may further include:
IP获取单元111,用于接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;The IP obtaining unit 111 is configured to receive a target packet sent by the client, and obtain a source IP address, a source port number, and a destination IP address of the target packet.
创建单元112,用于将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表;The creating unit 112 is configured to use the source IP address and the source port number of the target packet as key values, and create a data table by using the destination IP address of the target packet as a result value;
可选地,该创建的数据表可具体为HASH表。具体的,在接收到目标报文后,IP获取单元111即可获取该目标报文的源IP地址、源端口号及目的IP地址,创建单元112以该报文的源IP和源端口号作为关键值KEY,目的IP作为结果值VALUE,创建HASH表,以存储该报文的目的IP地址,以便于后续进行IP转换时获取该目的IP地址。Optionally, the created data table may be specifically a HASH table. Specifically, after receiving the target packet, the IP obtaining unit 111 can obtain the source IP address, the source port number, and the destination IP address of the target packet, and the creating unit 112 uses the source IP address and the source port number of the packet as the source IP address and the source port number of the packet. The key value KEY, the destination IP is used as the result value VALUE, and a HASH table is created to store the destination IP address of the packet, so as to obtain the destination IP address when performing subsequent IP conversion.
所述报文发送模块13还可以包括:The message sending module 13 may further include:
查找单元131,用于将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;The searching unit 131 is configured to use the destination IP address and the destination port number of the response packet as key values to search for a data table corresponding to the key value.
IP转换单元132,用于从所述查找单元131查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。The IP conversion unit 132 is configured to obtain an IP address as a result value from the data table searched by the searching unit 131, and send the IP address as a source IP address of the response packet to the client. The response message.
具体的,查找单元131可根据该响应报文的目的IP和目的端口号,即将客户端的IP地址和端口号作为KEY,查找HASH表,获取得到该目标
报文的目的IP地址即该KEY对应的VALUE,并通过IP转换单元132将该VALUE对应的IP地址即该目的IP地址作为发送该响应报文的源IP地址,重新计算该响应报文中TCP包头和IP包头的校验和后发送给客户端,从而实现IP地址转换。Specifically, the searching unit 131 may use the IP address and the port number of the client as the KEY to find the HASH table and obtain the target according to the destination IP address and the destination port number of the response packet.
The destination IP address of the packet is the VALUE corresponding to the KEY, and the IP address corresponding to the VALUE is used as the source IP address of the response packet by the IP conversion unit 132, and the TCP in the response packet is recalculated. The checksum of the packet header and the IP header is sent to the client to implement IP address translation.
在本发明实施例中,可在接收到客户端发送的目标报文时,根据该目标报文的源IP地址及源端口号创建HASH表,以存储该报文的目的IP地址,并通过处理该目标报文以获取该目标报文的响应报文,然后将从HASH表中查找出的该目的IP地址作为该响应报文的源IP地址,进行IP地址转换后向所述客户端发送该响应报文,从而在接收到客户端根据该响应报文发送的页面获取请求时,向该客户端回复预先配置的第一服务器的URL,从而实现对HTTP或HTTPS报文等报文的重定向,使得客户端能访问该URL对应的网页。In the embodiment of the present invention, when receiving the target packet sent by the client, the HASH table is created according to the source IP address and the source port number of the target packet, and the destination IP address of the packet is stored and processed. The target packet is used to obtain the response packet of the target packet, and then the destination IP address that is found in the HASH table is used as the source IP address of the response packet, and the IP address is translated and sent to the client. Responding to the packet, so that when the client receives the request for the page according to the response message, the client sends a URL of the first server to the client, so as to redirect the packet such as the HTTP or HTTPS packet. So that the client can access the web page corresponding to the URL.
进一步的,请参见图7,是本发明实施例提供的一种接入设备的结构组成示意图,本发明实施例的接入设备包括:通信端口300、存储器200和处理器100,所述通信端口300、存储器200以及处理器100之间可以通过总线进行数据连接,也可以通过其他方式数据连接。本实施例中以总线连接进行说明。Further, please refer to FIG. 7, which is a schematic structural diagram of an access device according to an embodiment of the present invention. The access device according to the embodiment of the present invention includes: a communication port 300, a memory 200, and a processor 100, and the communication port 300. The data connection between the memory 200 and the processor 100 may be performed through a bus, or may be connected by other means. In the present embodiment, a bus connection will be described.
所述存储器200可以是随机存取存储器(Random Access Memory,RAM),也可以是非易失性存储器(non-volatile memory),例如至少一个磁盘存储器。The memory 200 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage.
所述存储器200中存储程序。具体地,程序可以包括程序代码,所述程序代码包括计算机操作指令。A program is stored in the memory 200. In particular, the program can include program code, the program code including computer operating instructions.
其中,所述处理器100执行所述存储器200中存储的程序,以实现本发明图1所示的报文响应方法,包括:The processor 100 executes the program stored in the memory 200 to implement the message response method shown in FIG. 1 of the present invention, including:
通过所述通信端口300接收客户端发送的目标报文,获取所述目标报文的目的互联网协议IP地址并保存,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址;Receiving, by the communication port 300, the target packet sent by the client, and acquiring the destination Internet Protocol IP address of the target packet, where the target packet includes a source IP address, a source port number, and the destination IP address. ;
处理所述目标报文,以获取所述目标报文的响应报文,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号;Processing the target packet to obtain the response packet of the target packet, where the destination IP address and the destination port number of the response packet are the source IP address and the source port number of the target packet;
用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,通过所述通信端口300向所述客户端发送所述响应报文;
And replacing the source IP address of the response packet with the saved destination IP address of the target packet, and sending the response packet to the client by using the communication port 300;
通过所述通信端口300接收所述客户端发送的页面获取请求,处理所述页面获取请求,并通过所述通信端口300向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的统一资源定位符URL。Receiving, by the communication port 300, a page acquisition request sent by the client, processing the page acquisition request, and returning, by the communication port 300, a page response to the page acquisition request to the client, the page The response includes the Uniform Resource Locator URL of the first server.
可选地,所所述处理所述目标报文,以获取所述目标报文的响应报文,具体包括:Optionally, the processing the target packet to obtain the response packet of the target packet includes:
用接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;And replacing the destination IP address of the target packet with the IP address of the access device, and responding to the target packet to obtain a response packet of the target packet, where the source IP address of the response packet is the access IP address of the device;
相应地,所述接收所述客户端发送的页面获取请求,处理所述页面获取请求,具体包括:Correspondingly, the receiving the page obtaining request sent by the client, and processing the page obtaining request, specifically includes:
通过所述通信端口300接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应。Receiving, by the communication port 300, a page acquisition request sent by the client, and responding to the page acquisition request, obtaining a page response of the page acquisition request.
可选地,所述处理所述目标报文,以获取所述目标报文的响应报文,具体包括:Optionally, the processing the target packet to obtain the response packet of the target packet includes:
获取第二服务器的IP地址;Obtain the IP address of the second server;
用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;Replacing the destination IP address of the target packet with the IP address of the second server, and sending the target packet to the second server, so that the second server responds to the target packet and generates a response message of the target message;
接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址;Receiving, by the second server, the response packet, where the source IP address of the response packet is an IP address of the second server;
相应地,所述接收所述客户端发送的页面获取请求,处理所述页面获取请求,具体包括:Correspondingly, the receiving the page obtaining request sent by the client, and processing the page obtaining request, specifically includes:
通过所述通信端口300接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;Receiving, by the communication port 300, the page obtaining request, and forwarding the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request;
通过所述通信端口300接收所述第二服务器返回的所述页面响应。Receiving, by the communication port 300, the page response returned by the second server.
可选地,在所述接收所述客户端发送的页面获取请求,处理所述页面获取请求之前,所述方法还可以包括:Optionally, before the receiving the page obtaining request sent by the client, and processing the page obtaining request, the method may further include:
与所述客户端进行安全套接层SSL协商,确定与所述客户端之间进行通信的密钥;
Performing a secure socket layer SSL negotiation with the client to determine a key for communication with the client;
相应地,所述接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,具体包括:Correspondingly, the receiving the page obtaining request sent by the client, processing the page obtaining request, and returning the page response to the page obtaining request to the client, specifically:
通过所述通信端口300接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;Receiving, by the communication port 300, an HTTP GET request sent by the client and encrypted by the key, and performing decryption processing on the HTTP GET request according to the key;
响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;Responding to the HTTP GET request after the decryption process, obtaining a page response of the page acquisition request, and performing encryption processing on the page response according to the key;
通过所述通信端口300向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。The page response encrypted with the key is returned to the client via the communication port 300 to cause the client to communicate with the first server according to the URL of the first server.
可选地,所述接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,具体包括:Optionally, the receiving the target packet sent by the client, acquiring the destination IP address of the target packet, and saving, specifically:
通过所述通信端口300接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;Receiving, by the communication port 300, a target packet sent by the client, acquiring a source IP address, a source port number, and a destination IP address of the target packet;
将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表;The source IP address and the source port number of the target packet are used as key values, and the destination IP address of the target packet is used as a result value to create a data table.
所述存储器200还可用于存储所述数据表。The memory 200 can also be used to store the data table.
相应地,所述用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文,具体包括:Correspondingly, the source IP address of the response packet is replaced by the destination IP address of the saved target packet, and the response packet is sent to the client, which specifically includes:
将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;Using the destination IP address and the destination port number of the response packet as key values, searching for a data table corresponding to the key value;
从查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,通过所述通信端口300向所述客户端发送所述响应报文。The IP address as the result value is obtained from the searched data table, and the IP address is used as the source IP address of the response packet, and the response packet is sent to the client through the communication port 300.
上述的处理器100可以是通用处理器,包括中央处理器(Central Processing Unit,简称CPU)、网络处理器(Network Processor,简称NP)等;还可以是数字信号处理器(DSP)、专用集成电路(ASIC)、现场可编程门阵列(FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The processor 100 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP processor, etc.), or a digital signal processor (DSP), an application specific integrated circuit. (ASIC), Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above embodiments, the descriptions of the various embodiments are different, and the details that are not detailed in a certain embodiment can be referred to the related descriptions of other embodiments.
在本发明所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划
分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of the unit is only a logical function division, and may be additionally implemented in actual implementation.
Sub-systems, such as multiple units or components, may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
所述该作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. . Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用硬件加软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
上述以软件功能单元的形式实现的集成的单元,可以存储在一个计算机可读取存储介质中。上述软件功能单元存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本发明各个实施例所述方法的部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The above-described integrated unit implemented in the form of a software functional unit can be stored in a computer readable storage medium. The above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform the methods of the various embodiments of the present invention. Part of the steps. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like, which can store program codes. .
本领域技术人员可以清楚地了解到,为描述的方便和简洁,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。上述描述的装置的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, only the division of each functional module described above is exemplified. In practical applications, the above function assignment can be completed by different functional modules as needed, that is, the device is installed. The internal structure is divided into different functional modules to perform all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that The technical solutions described in the foregoing embodiments may be modified, or some or all of the technical features may be equivalently replaced; and the modifications or substitutions do not deviate from the technical solutions of the embodiments of the present invention. range.
Claims (10)
- 一种报文响应方法,其特征在于,包括:A message response method, comprising:接入设备接收客户端发送的目标报文,获取所述目标报文的目的互联网协议IP地址并保存,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址;The access device receives the target packet sent by the client, and obtains the destination Internet Protocol IP address of the target packet, where the destination packet includes the source IP address, the source port number, and the destination IP address.所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号;The access device processes the target packet to obtain a response packet of the target packet, where the destination IP address and the destination port number of the response packet are the source IP address and the source port of the target packet. number;所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文;The access device replaces the source IP address of the response packet with the destination IP address of the saved target packet, and sends the response packet to the client.所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的统一资源定位符URL。Receiving, by the access device, a page acquisition request sent by the client, processing the page acquisition request, and returning a page response to the page acquisition request to the client, where the page response includes the first server Uniform Resource Locator URL.
- 根据权利要求1所述的方法,其特征在于,The method of claim 1 wherein所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,包括:The access device processes the target packet to obtain the response packet of the target packet, including:所述接入设备用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;The access device replaces the destination IP address of the target packet with the IP address of the access device, and responds to the target packet to obtain a response packet of the target packet, where the response packet is sent. The IP address is an IP address of the access device;相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,包括:Correspondingly, the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:所述接入设备接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应。Receiving, by the access device, a page obtaining request sent by the client, and responding to the page obtaining request, obtaining a page response of the page obtaining request.
- 根据权利要求1所述的方法,其特征在于,The method of claim 1 wherein所述接入设备处理所述目标报文,以获取所述目标报文的响应报文,包括:The access device processes the target packet to obtain the response packet of the target packet, including:所述接入设备获取第二服务器的IP地址;The access device acquires an IP address of the second server;所述接入设备用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文; The access device replaces the destination IP address of the target packet with the IP address of the second server, and sends the target packet to the second server, so that the second server responds to the target a message, and generating a response message of the target message;所述接入设备接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址;Receiving, by the access device, the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server;相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,包括:Correspondingly, the access device receives the page obtaining request sent by the client, and processes the page obtaining request, including:所述接入设备接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;Receiving, by the access device, the page obtaining request, and forwarding the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response of the page obtaining request;所述接入设备接收所述第二服务器返回的所述页面响应。The access device receives the page response returned by the second server.
- 根据权利要求2所述的方法,其特征在于,The method of claim 2 wherein:在所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求之前,所述方法还包括:Before the access device receives the page acquisition request sent by the client, and the processing the page acquisition request, the method further includes:所述接入设备与所述客户端进行安全套接层SSL协商,确定与所述客户端之间进行通信的密钥;The access device performs a secure socket layer SSL negotiation with the client to determine a key for communication with the client;相应地,所述接入设备接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,包括:Correspondingly, the access device receives the page acquisition request sent by the client, processes the page acquisition request, and returns a page response to the page acquisition request to the client, including:所述接入设备接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;The access device receives an HTTP GET request sent by the client and encrypted by the key, and performs decryption processing on the HTTP GET request according to the key;所述接入设备响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;Responding to the HTTP GET request after the decryption process, the access device obtains a page response of the page acquisition request, and performs encryption processing on the page response according to the key;所述接入设备向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。The access device returns the page response encrypted with the key to the client, so that the client communicates with the first server according to the URL of the first server.
- 根据权利要求1-4任一项所述的方法,其特征在于,A method according to any one of claims 1 to 4, characterized in that所述接入设备接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,包括:The access device receives the target packet sent by the client, obtains the destination IP address of the target packet, and saves the information, including:所述接入设备接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;Receiving, by the access device, a target packet sent by the client, acquiring a source IP address, a source port number, and a destination IP address of the target packet;所述接入设备将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表; The access device uses the source IP address and the source port number of the target packet as key values, and creates a data table by using the destination IP address of the target packet as a result value;相应地,所述接入设备用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文,包括:Correspondingly, the access device replaces the source IP address of the response packet with the saved destination IP address of the target packet, and sends the response packet to the client, including:所述接入设备将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;The access device uses the destination IP address and the destination port number of the response packet as key values to search for a data table corresponding to the key value;所述接入设备从查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。The access device obtains the IP address as the result value from the searched data table, and uses the IP address as the source IP address of the response packet to send the response packet to the client.
- 一种报文响应装置,其特征在于,所述装置设置于接入设备中,包括:A message response device, wherein the device is disposed in an access device, and includes:存储模块,用于接收客户端发送的目标报文,获取所述目标报文的目的IP地址并保存,所述目标报文中包括源IP地址、源端口号以及所述目的IP地址;a storage module, configured to receive a target packet sent by the client, obtain the destination IP address of the target packet, and save the destination IP address, the source port number, and the destination IP address;报文处理模块,用于处理所述目标报文,以获取所述目标报文的响应报文,所述响应报文的目的IP地址和目的端口号为所述目标报文的源IP地址和源端口号;a packet processing module, configured to process the target packet, to obtain a response packet of the target packet, where a destination IP address and a destination port number of the response packet are source IP addresses of the target packet Source port number;报文发送模块,用于用保存的所述目标报文的目的IP地址替换所述响应报文的源IP地址,向所述客户端发送所述响应报文;a message sending module, configured to replace the source IP address of the response packet with the destination IP address of the saved target packet, and send the response packet to the client;响应模块,用于接收所述客户端发送的页面获取请求,处理所述页面获取请求,并向所述客户端返回对所述页面获取请求的页面响应,所述页面响应中包括第一服务器的URL。a response module, configured to receive a page acquisition request sent by the client, process the page acquisition request, and return a page response to the page acquisition request to the client, where the page response includes a first server URL.
- 根据权利要求6所述的装置,其特征在于,The device of claim 6 wherein:所述报文处理模块具体用于:The packet processing module is specifically configured to:用所述接入设备的IP地址替换所述目标报文的目的IP地址,响应所述目标报文,得到所述目标报文的响应报文,所述响应报文的源IP地址为所述接入设备的IP地址;And replacing the destination IP address of the target packet with the IP address of the access device, and responding to the target packet to obtain a response packet of the target packet, where the source IP address of the response packet is IP address of the access device;所述响应模块具体用于:The response module is specifically configured to:接收所述客户端发送的页面获取请求,响应所述页面获取请求,得到所述页面获取请求的页面响应,并向所述客户端返回所述页面响应。Receiving a page acquisition request sent by the client, responding to the page acquisition request, obtaining a page response of the page acquisition request, and returning the page response to the client.
- 根据权利要求6所述的装置,其特征在于,The device of claim 6 wherein:所述报文处理模块包括: The packet processing module includes:IP获取单元,用于获取第二服务器的IP地址;An IP obtaining unit, configured to acquire an IP address of the second server;第一发送单元,用于用所述第二服务器的IP地址替换所述目标报文的目的IP地址,并向所述第二服务器发送所述目标报文,以使所述第二服务器响应所述目标报文,并生成所述目标报文的响应报文;a first sending unit, configured to replace a destination IP address of the target packet with an IP address of the second server, and send the target packet to the second server, so that the second server responds to the Decoding a target message, and generating a response message of the target message;第一接收单元,用于接收所述第二服务器返回的所述响应报文,所述响应报文的源IP地址为所述第二服务器的IP地址;a first receiving unit, configured to receive the response packet returned by the second server, where a source IP address of the response packet is an IP address of the second server;所述响应模块包括:The response module includes:请求处理单元,用于接收所述页面获取请求,向所述第二服务器转发所述页面获取请求,以使所述第二服务器响应所述页面获取请求,得到所述页面获取请求的页面响应;a request processing unit, configured to receive the page obtaining request, and forward the page obtaining request to the second server, so that the second server responds to the page obtaining request to obtain a page response request of the page obtaining request;响应处理单元,用于接收所述第二服务器返回的所述页面响应,并向所述客户端返回所述页面响应。The response processing unit is configured to receive the page response returned by the second server, and return the page response to the client.
- 根据权利要求7所述的装置,其特征在于,所述装置还包括:The device according to claim 7, wherein the device further comprises:SSL协商模块,用于与所述客户端进行SSL协商,确定与所述客户端之间进行通信的密钥;An SSL negotiation module, configured to perform SSL negotiation with the client to determine a key for communicating with the client;所述响应模块包括:The response module includes:第二接收单元,用于接收所述客户端发送的用所述密钥加密的HTTP GET请求,并根据所述密钥对所述HTTP GET请求进行解密处理;a second receiving unit, configured to receive an HTTP GET request sent by the client and encrypted by the key, and perform decryption processing on the HTTP GET request according to the key;响应获取单元,用于响应解密处理后的HTTP GET请求,得到所述页面获取请求的页面响应,并根据所述密钥对所述页面响应进行加密处理;The response obtaining unit is configured to obtain a page response of the page obtaining request in response to the decrypted HTTP GET request, and perform encryption processing on the page response according to the key;第二发送单元,用于向所述客户端返回用所述密钥加密的所述页面响应,以使所述客户端根据所述第一服务器的URL与所述第一服务器进行通信。a second sending unit, configured to return, to the client, the page response encrypted by the key, so that the client communicates with the first server according to a URL of the first server.
- 根据权利要求6-9任一项所述的装置,其特征在于,A device according to any one of claims 6-9, wherein所述存储模块包括:The storage module includes:IP获取单元,用于接收客户端发送的目标报文,获取所述目标报文的源IP地址、源端口号及目的IP地址;An IP obtaining unit, configured to receive a target packet sent by the client, and obtain a source IP address, a source port number, and a destination IP address of the target packet;创建单元,用于将所述目标报文的源IP地址和源端口号作为关键值,并将所述目标报文的目的IP地址作为结果值创建数据表; a creating unit, configured to use a source IP address and a source port number of the target packet as a key value, and create a data table by using a destination IP address of the target packet as a result value;所述报文发送模块包括:The message sending module includes:查找单元,用于将所述响应报文的目的IP地址和目的端口号作为关键值,查找所述关键值对应的数据表;a searching unit, configured to use a destination IP address and a destination port number of the response packet as key values to search for a data table corresponding to the key value;IP转换单元,用于从所述查找单元查找出的数据表中获取作为结果值的IP地址,并将所述IP地址作为所述响应报文的源IP地址,向所述客户端发送所述响应报文。 An IP conversion unit, configured to obtain an IP address as a result value from a data table searched by the searching unit, and send the IP address as a source IP address of the response packet to the client Response message.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410810775.5A CN105791451B (en) | 2014-12-22 | 2014-12-22 | Message response method and device |
CN201410810775.5 | 2014-12-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016101591A1 true WO2016101591A1 (en) | 2016-06-30 |
Family
ID=56149144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/083593 WO2016101591A1 (en) | 2014-12-22 | 2015-07-08 | Packet response method and apparatus |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105791451B (en) |
WO (1) | WO2016101591A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106059946A (en) * | 2016-05-23 | 2016-10-26 | 杭州华三通信技术有限公司 | Message forwarding method and message forwarding device |
CN111770161A (en) * | 2020-06-28 | 2020-10-13 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
CN112579933A (en) * | 2020-12-24 | 2021-03-30 | 中国农业银行股份有限公司 | Information processing method and device |
CN113014490A (en) * | 2021-02-25 | 2021-06-22 | 杭州迪普科技股份有限公司 | IP message forwarding method and device |
CN115118775A (en) * | 2022-06-21 | 2022-09-27 | 杭州迪普科技股份有限公司 | Method and device for processing browser access request and electronic equipment |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108011989B (en) * | 2017-11-30 | 2020-09-15 | 杭州盈高科技有限公司 | Redirection method and device |
CN108063839A (en) * | 2017-12-29 | 2018-05-22 | 深圳市九洲电器有限公司 | A kind of method for accessing network and the device for accessing network |
CN111064804B (en) * | 2019-12-30 | 2022-09-30 | 杭州迪普科技股份有限公司 | Network access method and device |
CN111901218A (en) * | 2020-06-23 | 2020-11-06 | 北京天融信网络安全技术有限公司 | Message transmission method, SSLVPN proxy server, electronic device and storage medium |
CN111726295B (en) * | 2020-06-28 | 2023-04-07 | 北京天融信网络安全技术有限公司 | Message processing method and device, network equipment and computer readable storage medium |
CN112615866B (en) * | 2020-12-22 | 2022-07-05 | 南京易安联网络技术有限公司 | Pre-authentication method, device and system for TCP connection |
CN113179268A (en) * | 2021-04-27 | 2021-07-27 | 青岛海信宽带多媒体技术有限公司 | Router and router network abnormity redirection method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111289A (en) * | 2009-12-23 | 2011-06-29 | 杭州华三通信技术有限公司 | Method and device for deploying authentication |
CN103327008A (en) * | 2013-05-22 | 2013-09-25 | 杭州华三通信技术有限公司 | HTTP reorienting method and HTTP reorienting device |
CN104184842A (en) * | 2013-05-24 | 2014-12-03 | 中兴通讯股份有限公司 | Message forwarding method and device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101030889A (en) * | 2007-04-18 | 2007-09-05 | 杭州华为三康技术有限公司 | Method and apparatus against attack |
CN101296238B (en) * | 2008-06-17 | 2011-04-20 | 杭州华三通信技术有限公司 | Method and equipment for remaining persistency of security socket layer conversation |
CN101873329A (en) * | 2010-06-29 | 2010-10-27 | 迈普通信技术股份有限公司 | Portal compulsory authentication method and access equipment |
CN102045398B (en) * | 2010-12-24 | 2013-08-28 | 杭州华三通信技术有限公司 | Portal-based distributed control method and equipment |
CN104104516B (en) * | 2014-07-30 | 2018-12-25 | 新华三技术有限公司 | A kind of portal authentication method and equipment |
-
2014
- 2014-12-22 CN CN201410810775.5A patent/CN105791451B/en active Active
-
2015
- 2015-07-08 WO PCT/CN2015/083593 patent/WO2016101591A1/en active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102111289A (en) * | 2009-12-23 | 2011-06-29 | 杭州华三通信技术有限公司 | Method and device for deploying authentication |
CN103327008A (en) * | 2013-05-22 | 2013-09-25 | 杭州华三通信技术有限公司 | HTTP reorienting method and HTTP reorienting device |
CN104184842A (en) * | 2013-05-24 | 2014-12-03 | 中兴通讯股份有限公司 | Message forwarding method and device |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106059946A (en) * | 2016-05-23 | 2016-10-26 | 杭州华三通信技术有限公司 | Message forwarding method and message forwarding device |
CN106059946B (en) * | 2016-05-23 | 2019-12-06 | 新华三技术有限公司 | Message forwarding method and device |
CN111770161A (en) * | 2020-06-28 | 2020-10-13 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
CN112579933A (en) * | 2020-12-24 | 2021-03-30 | 中国农业银行股份有限公司 | Information processing method and device |
CN112579933B (en) * | 2020-12-24 | 2023-12-08 | 中国农业银行股份有限公司 | Information processing method and device |
CN113014490A (en) * | 2021-02-25 | 2021-06-22 | 杭州迪普科技股份有限公司 | IP message forwarding method and device |
CN115118775A (en) * | 2022-06-21 | 2022-09-27 | 杭州迪普科技股份有限公司 | Method and device for processing browser access request and electronic equipment |
CN115118775B (en) * | 2022-06-21 | 2023-04-25 | 杭州迪普科技股份有限公司 | Browser access request processing method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN105791451A (en) | 2016-07-20 |
CN105791451B (en) | 2020-02-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016101591A1 (en) | Packet response method and apparatus | |
US10972436B1 (en) | System and method for session affinity in proxy media routing | |
US12052310B2 (en) | Origin server cloaking using virtual private cloud network environments | |
CN109983752B (en) | Network address with encoded DNS level information | |
CA2905583C (en) | Secure network communication | |
US9954678B2 (en) | Content-based transport security | |
EP2965486B1 (en) | Low latency server-side redirection of udp-based transport protocols traversing a client-side nat-firewall | |
US20180234246A1 (en) | Providing cross site request forgery protection at an edge server | |
KR102095893B1 (en) | Service processing method and device | |
US9531679B2 (en) | Content-based transport security for distributed producers | |
WO2020019478A1 (en) | Communication data encryption method and apparatus | |
RU2661757C2 (en) | Cashing of encrypted content | |
US10200469B2 (en) | Method and system for information synchronization between cloud storage gateways, and cloud storage gateway | |
CN101977224A (en) | SSL VPN equipment-based Web resource authentication information management method | |
KR101779917B1 (en) | Method, apparatus, program and recording medium for providing media resource | |
US20220353233A1 (en) | Methods and systems for accessing content | |
JP2016053950A (en) | System and method for reliable content exchange of ccn pipeline stream | |
CN111049832B (en) | Reverse proxy method and related device | |
US20240106811A1 (en) | Systems and methods for network privacy | |
CN109450849B (en) | Cloud server networking method based on block chain | |
CN112152992A (en) | End-to-end data secure transmission network communication method and device | |
CN109274765B (en) | Data transmission method, equipment and system | |
JP6396831B2 (en) | Encryption communication system, encryption communication method, encryption communication apparatus, and encryption communication apparatus registration server | |
KR101594897B1 (en) | Secure Communication System and Method for Building a Secure Communication Session between Lightweight Things | |
Tschofenig et al. | CORE C. Bormann Internet-Draft Universitaet Bremen TZI Intended status: Standards Track S. Lemay Expires: February 25, 2017 Zebra Technologies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15871665 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15871665 Country of ref document: EP Kind code of ref document: A1 |